Showing 26 - 50 of 118

Files from Jeremy Brown

Real Name: Jeremy Brown
Email address: private
Website: www.patchtuesday.org
First Active: 2008-07-15
Last Active: 2022-09-05
Whale Win32 Attack Surface Toolkit
Posted Dec 7, 2016
Authored by Jeremy Brown

Whale is a Win32 attack surface toolkit written in C#. It is capable of monitoring many different areas of Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.

tags | tool, kernel
systems | windows
SHA-256 | b15f4fd333fcf9d670e064eb5b3dad7f4a747ec68639d072cdd1b87952bd0932
Microsoft Windows 10 x86/x64 WLAN AutoConfig Named Pipe Proof Of Concept
Posted Dec 7, 2016
Authored by Jeremy Brown

Microsoft Windows 10 x86/x64 build 10.0.14393 WLAN autoconfig named pipe denial of service proof of concept exploit.

tags | exploit, denial of service, x86, proof of concept
systems | windows
SHA-256 | 2ea784cb2e8c7480e908e5c807ce3794e55180d4810c749af54e54a9ebd67e38
BlackStratus LOGStorm 4.5.1.35 / 4.5.1.96 Remote Root
Posted Dec 5, 2016
Authored by Jeremy Brown

BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by the appliance's OS, web interface and SQL server. Versions 4.5.1.35 and 4.5.1.96 are affected.

tags | exploit, remote, web, root, vulnerability
SHA-256 | bd30887efb78ca75643bdfeb691e5df802ec1870544c4f1e7545cffa5cd735a5
ShakeIt Grammar Mutation Engine Fuzzer
Posted Nov 30, 2015
Authored by Jeremy Brown

ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.

tags | tool, web, fuzzer
SHA-256 | 2c0f6f6b21b511449035e2b2b61b08aee0745f3cdf87d7aafc0923f37045eda2
Portmanteau Unix Driver IOCTL Security Tool
Posted Nov 5, 2015
Authored by Jeremy Brown

Portmanteau is an experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.

tags | tool
systems | unix
SHA-256 | f28103bb662242ae801f776d08ccdde67c38f672be8c6e74442448c1196c65d8
Libmimedir VCF Memory Corruption Proof Of Concept
Posted Jun 11, 2015
Authored by Jeremy Brown

Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during its lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.

tags | exploit, arbitrary
advisories | CVE-2015-3205
SHA-256 | 782706b36ec37423bb60b4189000385c972cba361ddd33631487a01b1346633a
Seagate Central Remote Root
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central by default has a passwordless root account (and no option to change it). This exploit logs into the FTP server and uploads a PHP shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd.

tags | exploit, shell, root, php
SHA-256 | 4a656cf67191a9b5d586dc37c9e4d421b37d29b2e9e8805a00d6eaf3e1021219
Seagate Central Remote Facebook Access Token
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser. This exploit takes advantage of two bugs: passwordless root login via FTP, used to retrieve the archive_accounts.ser file that contains the access tokens, and the unencrypted and unprotected (-rw-r--r--) storage of those tokens, which it reuses for a chosen scope to return data.

tags | exploit, root
SHA-256 | 63740e368582aaa39bf0e329e2d82cdd141937b5026cb93e2a3e1238803204cf
Comodo GeekBuddy Local Privilege Escalation
Posted May 20, 2015
Authored by Jeremy Brown

Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall, and Comodo Internet Security, runs a passwordless, background VNC server and listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It also may be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (e.g. a Java VNC client).

tags | exploit, java, web, local, virus
SHA-256 | 9f9180461e9cd73423e245a053523757ad172b33d270f5c669f95253b81dd237
EMC PowerPath Virtual Appliance Undocumented User Accounts
Posted Apr 1, 2015
Authored by Jeremy Brown | Site emc.com

EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain limited unauthorized access to the system. Version 1.x is affected.

tags | advisory
advisories | CVE-2015-0529
SHA-256 | 5c724dc11b55e6135597280fe27cc4c8461fd6d24bff85235297e73f979e85f7
ClearSCADA Remote Authentication Bypass
Posted Jan 29, 2015
Authored by Jeremy Brown

There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it.

tags | exploit, bypass
advisories | OSVDB-75022
SHA-256 | 7297622cf93f018ee50d502b4deb7ac9d83396bceed64caa328eab02705135a7
OpenOffice DOC Memory Corruption
Posted Jul 26, 2013
Authored by Jeremy Brown

Apache OpenOffice suffers from a vulnerability that is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. Versions affected include Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.

tags | advisory
advisories | CVE-2013-2189
SHA-256 | b07c9e7c2f54011267e57cd0ce5a5198611a832d36e144dd8d1921b7f7ca3078
VMWare OVF Tools Format String
Posted Feb 6, 2013
Authored by Jeremy Brown, juan vazquez | Site metasploit.com

This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

tags | exploit
systems | windows
advisories | CVE-2012-3569, OSVDB-87117
SHA-256 | 947c3e740f21931c7ef1cd3e576fdca5e6de25b2e58c1c570786397ac62955dd
VMWare OVF Tools Format String
Posted Feb 6, 2013
Authored by Jeremy Brown, juan vazquez | Site metasploit.com

This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

tags | exploit
systems | windows
advisories | CVE-2012-3569, OSVDB-87117
SHA-256 | 9db02738e3d911d404dec888f15753cc6ace8f4996b9bf8064037d16d77e53a5
Enterasys NetSight nssyslogd.exe Buffer Overflow
Posted Jan 4, 2013
Authored by Jeremy Brown | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Enterasys NetSight. The vulnerability exists in the Syslog service (nssyslogd.exe) when parsing a specially crafted PRIO from a syslog message. The module has been tested successfully on Enterasys NetSight 4.0.1.34 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows
advisories | CVE-2011-5227, OSVDB-77971
SHA-256 | a2a7abb62b7094d36913fa79d19bb69245717566e1704427edc640d574c4528e
IBM Tivoli Endpoint Manager POST Query Buffer Overflow
Posted Jun 12, 2011
Authored by bannedit, Jeremy Brown | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1 handle long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service (lcfd.exe) listening on TCP port 9495. Authorization is required to trigger this issue. This exploit makes use of a second vulnerability: a hardcoded account (tivoli/boss) is used to bypass the authorization restriction.

tags | exploit, web, overflow, tcp
advisories | CVE-2011-1220, OSVDB-72713, OSVDB-72751
SHA-256 | e26c45a50f92baafd2fb68a99ebdaa1c0b4d55454982b873642bcb3d0f2a41d7
IBM Tivoli Endpoint 4.1.1 Buffer Overflow / Hard-Coded Credentials
Posted Jun 7, 2011
Authored by Jeremy Brown

IBM Tivoli Endpoint version 4.1.1 remote SYSTEM exploit that leverages hard-coded base64 encoded authentication credentials in lcfd.exe and a stack-based buffer overflow when parsing HTTP variable values. Spawns a reverse shell to port 4444.

tags | exploit, remote, web, overflow, shell
SHA-256 | 0f8374a53f9ea835a56ed4f488e0af7bb4381a6ce425701de24237adb0986946
Progea Movicon TCPUploadServer Arbitrary Execution
Posted Mar 23, 2011
Authored by Jeremy Brown

The Progea Movicon 11 TCPUploadServer allows remote users to execute functions on the server without any form of authentication. Impacts include deletion of arbitrary files, execution of a program with an arbitrary argument, crashing the server, information disclosure, and more. This design flaw puts the host running this server at risk of potentially unauthorized functions being executed on the system.

tags | exploit, remote, arbitrary, info disclosure
SHA-256 | fbc50819938d8873cd7f19b69cc6ec9e277dfe76726a60a616df1890c4c8cdf8
IGSS 8 ODBC Server Denial Of Service
Posted Mar 23, 2011
Authored by Jeremy Brown

There are multiple remote uninitialized pointer free conditions in IGSS's ODBC server. By sending a specially crafted packet to listening port 20222, it is possible to crash the server. Execution of arbitrary code is unlikely.

tags | exploit, remote, denial of service, arbitrary
SHA-256 | d82e97b8f0e340895167edfec6e1532847830e7ddab52ff2c288237ef372149f
Automated Solutions Modbus/TCP OPC Server Heap Corruption
Posted Jan 25, 2011
Authored by Jeremy Brown

Automated Solutions Modbus/TCP OPC server remote heap corruption proof of concept exploit.

tags | exploit, remote, tcp, proof of concept
SHA-256 | 7ae800a71fe8daeefaa450bea5c62d13d9d5ab75b738f8589eca89bcfcdeec1f
Objectivity/DB Lack Of Authentication
Posted Jan 14, 2011
Authored by Jeremy Brown

Objectivity/DB includes many different tools for administration. The problem is, anyone can use these tools to perform operations on the host running the lock server, advanced multithreaded server, and probably its other servers as well, without any authentication. This design flaw puts the host running these servers at risk of potentially unauthorized operations being performed on the system, locally or remotely. This exploit demonstrates this issue and was tested on Objectivity/DB 10 running on Windows.

tags | exploit
systems | windows
SHA-256 | e70ea4466739e596a06c0f314f33e2954e9ab0e032242029fe9f8ed5bb3c90b8
Ecava IntegraXor Remote Active-X Buffer Overflow
Posted Dec 18, 2010
Authored by Jeremy Brown

Ecava IntegraXor remote active-x buffer overflow proof of concept exploit that leverages a buffer overflow vulnerability.

tags | exploit, remote, overflow, activex, proof of concept
SHA-256 | ccf785b70aa56c4ae7dfb3573cb7ebb521c9081241644d03f355367c2785b3c0
BACnet OPC Client Buffer Overflow
Posted Nov 12, 2010
Authored by Jeremy Brown, MC | Site metasploit.com

This Metasploit module exploits a stack overflow in SCADA Engine BACnet OPC Client v1.0.24. When the BACnet OPC Client parses a specially crafted CSV file, arbitrary code may be executed.

tags | exploit, overflow, arbitrary
SHA-256 | 2c6eff3365a8cd3ef62a57d222795cb41fc95f13bba51789e6bb9bd0f996aeda
BACnet OPC Client Buffer Overflow
Posted Sep 17, 2010
Authored by Jeremy Brown

BACnet OPC client buffer overflow exploit with user add shellcode. Version 1.0.24 is affected.

tags | exploit, overflow, shellcode
SHA-256 | 82e3bd34954d5e874092a39ebcfef2d99c8506866165135cec2715eb1de7ea49
bf3.tar.gz
Posted Feb 4, 2010
Authored by Jeremy Brown | Site krakowlabs.com

Browser Fuzzer 3 (bf3) is a comprehensive web browser fuzzer that fuzzes CSS, DOM, HTML and JavaScript.

tags | web, javascript, fuzzer
SHA-256 | ab072a52f4342b6af64d4ce2b1a3e18aae40f2dd2bcb3ddffb4cd1711e4150d1
© 2022 Packet Storm. All rights reserved.