
Files from Jeremy Brown

Real Name: Jeremy Brown
Email address: private
Website: www.patchtuesday.org
First Active: 2008-07-15
Last Active: 2021-01-04
PIMT 1.0
Posted Jan 4, 2021
Authored by Jeremy Brown | Site github.com

PIMT is a Public Infrastructure Monitoring Tool (pronounced PIM-tee). It queries common recon tools for publicly available data regarding particular organizations based on the domains and keywords provided. It is not meant to provide complete coverage for every external asset that belongs to a company, as attackers usually do not have this detailed info or mapping either. One can use it to paint some sort of picture of what external attackers may be looking at, the changes occurring over time, and insight into how to further harden the perimeter. The key idea is to provide valuable data to red teams as well as additional monitoring capabilities for defenders.

tags | tool
systems | unix
MD5 | 15640e4fe41be31efdca68b52b77e376
Zoom 4.6.239.20200613 Meeting Connector Post-Auth Remote Root
Posted Dec 31, 2020
Authored by Jeremy Brown

Zoom version 4.6.239.20200613 suffers from a Meeting Connector post-authentication remote root code execution vulnerability via the proxy server functionality. The latest Zoom client has this issue patched per Zoom.

tags | exploit, remote, root, code execution
MD5 | 502538df7bfbda265c17c493f89179b7
Openpilot Default SSH Key Scanner
Posted Dec 31, 2020
Authored by Jeremy Brown

Openpilot has a default SSH key that can allow attackers remote access if not changed. This script port scans and attempts to log in to Openpilot SSH servers with the default key.

tags | exploit, remote
MD5 | b9e467ddb7a4cfc15deec4d13e92486a
HPE Edgeline Infrastructure Manager Improper Authorization
Posted Dec 29, 2020
Authored by Jeremy Brown

HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.

tags | exploit, arbitrary
MD5 | 75012bca2029a5ddfe8ad8255b3f5f1b
Cassandra Web 0.5.0 Remote File Read
Posted Dec 29, 2020
Authored by Jeremy Brown

Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it and provide the web access, so they are also one thing that can be captured via the arbitrary file read. Version 0.5.0 is affected.

tags | exploit, web, arbitrary
MD5 | 5d45ddf35f9f55300493bfefe8020924
Stratodesk NoTouch Center Privilege Escalation
Posted Dec 21, 2020
Authored by Jeremy Brown

Stratodesk NoTouch Center virtual appliance suffers from a privilege escalation vulnerability. This was addressed in version 4.4.68.

tags | exploit
advisories | CVE-2020-25917
MD5 | f6ac4d9b376df40c169c841245383a04
Erlang Bytecode String Converter
Posted Dec 21, 2020
Authored by Jeremy Brown

estr2bc is a python script to convert arbitrary string input to Erlang bytecode.

tags | tool, arbitrary, python
systems | unix
MD5 | 095fa28eaa19faca6a6c82b238094580
Ajenti 2.1.31 Command Injection
Posted Dec 2, 2019
Authored by Jeremy Brown, Onur ER | Site metasploit.com

This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.

tags | exploit, shell
MD5 | 7c4130c9c91b99ff51567ab20d19ea6e
Podman / Varlink Remote Code Execution
Posted Oct 15, 2019
Authored by Jeremy Brown

Remote exploit for Podman when configured with Varlink that allows for remote command execution, denial of service, directory traversal, and information disclosure vulnerabilities.

tags | exploit, remote, denial of service, vulnerability, info disclosure
MD5 | 877a6bf3a116aaaf342e4d3eba5c9537
Ajenti Remote Command Execution
Posted Oct 11, 2019
Authored by Jeremy Brown

Ajenti suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 132a31448e87adbe514497f20f8d446f
Whale Win32 Attack Surface Toolkit
Posted Dec 7, 2016
Authored by Jeremy Brown

Whale is a win32 attack surface toolkit written in C#. It's capable of monitoring many different areas of Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.

tags | tool, kernel
systems | windows, 32
MD5 | 7c7cd88d5b54f9d2ccbe3d190ca4c39e
Microsoft Windows 10 x86/x64 WLAN AutoConfig Named Pipe Proof Of Concept
Posted Dec 7, 2016
Authored by Jeremy Brown

Microsoft Windows 10 x86/x64 build 10.0.14393 WLAN autoconfig named pipe denial of service proof of concept exploit.

tags | exploit, denial of service, x86, proof of concept
systems | windows
MD5 | d78a9bd236d6a1942ee373d12364f61f
BlackStratus LOGStorm 4.5.1.35 / 4.5.1.96 Remote Root
Posted Dec 5, 2016
Authored by Jeremy Brown

BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by the appliance's OS, web interface and SQL server. Versions 4.5.1.35 and 4.5.1.96 are affected.

tags | exploit, remote, web, root, vulnerability
MD5 | 229e9c7351054e6f28651057eb3cffda
ShakeIt Grammar Mutation Engine Fuzzer
Posted Nov 30, 2015
Authored by Jeremy Brown

ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.

tags | tool, web, fuzzer
MD5 | 54c861884798451395aeaab5988a76c7
Portmanteau Unix Driver IOCTL Security Tool
Posted Nov 5, 2015
Authored by Jeremy Brown

Portmanteau is an experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.

tags | tool
systems | unix
MD5 | e1ff72313a6273d9d6517fa2acc9504a
Libmimedir VCF Memory Corruption Proof Of Concept
Posted Jun 11, 2015
Authored by Jeremy Brown

Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during its lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.

tags | exploit, arbitrary
advisories | CVE-2015-3205
MD5 | 1df4218448d7ac2e97f07d47f005d627
Seagate Central Remote Root
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central by default has a passwordless root account (and no option to change it). This exploit logs into the ftp server and uploads a php shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd.

tags | exploit, shell, root, php
MD5 | 2a6158d11c1b40429f00b3cddeb09daf
Seagate Central Remote Facebook Access Token
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser. This exploit takes advantage of two bugs: it uses the passwordless root login via FTP to retrieve the archive_accounts.ser file, which contains the access tokens, and then reuses the unencrypted and unprotected (-rw-r--r--) access tokens for a chosen scope to return data.

tags | exploit, root
MD5 | 7cd4d2e2bae235e1c45b77da702e1e5f
Comodo GeekBuddy Local Privilege Escalation
Posted May 20, 2015
Authored by Jeremy Brown

Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall, and Comodo Internet Security, runs a passwordless background VNC server and listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It also may be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (e.g. a Java VNC client).

tags | exploit, java, web, local, virus
MD5 | 9fc05c99e3ced7baa78fc5b8a35e8e13
EMC PowerPath Virtual Appliance Undocumented User Accounts
Posted Apr 1, 2015
Authored by Jeremy Brown | Site emc.com

EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain limited unauthorized access to the system. Version 1.x is affected.

tags | advisory
advisories | CVE-2015-0529
MD5 | c7eff923a0c604ac98bf2cc310e95742
ClearSCADA Remote Authentication Bypass
Posted Jan 29, 2015
Authored by Jeremy Brown

There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it.

tags | exploit, bypass
advisories | OSVDB-75022
MD5 | 5a91b8965b0bd7e42547ec87525ee02b
OpenOffice DOC Memory Corruption
Posted Jul 26, 2013
Authored by Jeremy Brown

Apache OpenOffice suffers from a vulnerability that is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. Versions affected include Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.

tags | advisory
advisories | CVE-2013-2189
MD5 | 5ff23bea25fe066db860831c72f1dc8a
VMWare OVF Tools Format String
Posted Feb 6, 2013
Authored by Jeremy Brown, juan vazquez | Site metasploit.com

This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

tags | exploit
systems | windows, xp
advisories | CVE-2012-3569, OSVDB-87117
MD5 | c305987e1b5b0f2ca5be4dc99b9547a1
VMWare OVF Tools Format String
Posted Feb 6, 2013
Authored by Jeremy Brown, juan vazquez | Site metasploit.com

This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

tags | exploit
systems | windows, xp
advisories | CVE-2012-3569, OSVDB-87117
MD5 | f525bc1c9d5f21294e79afd950a4acc6
Enterasys NetSight nssyslogd.exe Buffer Overflow
Posted Jan 4, 2013
Authored by Jeremy Brown | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Enterasys NetSight. The vulnerability exists in the Syslog service (nssyslogd.exe) when parsing a specially crafted PRIO from a syslog message. The module has been tested successfully on Enterasys NetSight 4.0.1.34 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows, xp
advisories | CVE-2011-5227, OSVDB-77971
MD5 | 94b5565ea73b5e2ffa5148137c79b1af
© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close