This Metasploit module exploits a remote code execution in the web panel of Phoenix Exploit Kit via the geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the browser of the visitor for the presence of outdated and insecure versions of browser plugins like Java, and Adobe Flash and Reader which then silently installs malware.
aad984f8708901b83c5d2147e19d13750c153fefe31400973769c9a1fcdedf8cThis Metasploit module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP server version 2.0.7. This requires authentication but by default anonymous credentials are enabled.
860df3259810620f34c556a18da76a197f8c3e0724e8476d20abc5f9f70ce870This Metasploit module exploits a remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality.
2e8528e3811c7d93f83ce9f7eaaa80a6321b298dc7b5c63c52212036dbd43291This Metasploit module exploits a remote command execution on the Legend Perl IRC Bot . This bot has been used as a payload in the Shellshock spam last October 2014. This particular bot has functionalities like NMAP scanning, TCP, HTTP, SQL, and UDP flooding, the ability to remove system logs, and ability to gain root, and VNC scanning. Kevin Stevens, a Senior Threat Researcher at Damballa has uploaded this script to VirusTotal with a md5 of 11a9f1589472efa719827079c3d13f76.
0cc139b4c6b9c45be686acca2dd23b5b8721a770d99f66699d03a8dd546d9d45This Metasploit module allows remote command execution on an IRC Bot developed by xdh. This perl bot was caught by Conor Patrick with his shellshock honeypot server and is categorized by Markus Zanke as an fBot (Fire & Forget - DDoS Bot). Matt Thayer also found this script which has a description of LinuxNet perlbot. The bot answers only based on the servername and nickname in the IRC message which is configured on the perl script thus you need to be an operator on the IRC network to spoof it and in order to exploit this bot or have at least the same ip to the config.
dcceeba8df965c1937cb0d548603d7c0459697a03cebe3401045655277b8c71cThis Metasploit module exploits a remote code execution vulnerability in phpFileManager 0.9.8 which is a filesystem management tool on a single file.
6deaa42854a12bc36ae3c7e06620c542ad37b9dff69c0ee0a7ea8a418934ad50BisonWare BisonFTP Server version 3.5 is prone to an overflow condition. This Metasploit module exploits a buffer overflow vulnerability in said application.
ad92db3f8a0dd8f3d603187873cbcc879f069b52034b56d5481e2bd22b4892ddThis Metasploit module exploits Th3 MMA mma.php Backdoor which allows an arbitrary file upload that leads to arbitrary code execution. This backdoor also echoes the Linux kernel version or operating system version because of the php_uname() function.
a6cc00b9d3f5414b03d4d4a58644c38267378b49d138c71d6af4288198c8112cThis Metasploit module exploits the CnC web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
bba4847d938e70eaa639f5ffbd593428a114739a4c9d9e43f69cba60825e2b73This Metasploit module exploits unauthenticated simple web backdoor shells by leveraging the common backdoor shell's CMD parameter to execute commands. The SecLists project of Daniel Miessler and Jason Haddix has a lot of samples for these kind of backdoor shells which is categorized under Payloads.
96b4d85b82093a7747d2255737fa73cdfabac010e4e6a0f9042ac20b0cd78d73PCMan FTP Server version 2.0.7 suffers from a directory traversal vulnerability.
e377ce572fb44bf79adeccd6d80f6e799f096b1c0279f26b2d558839516a13bdBisonWare BisonFTP version 3.5 suffers from a directory traversal vulnerability.
1575080d2288468ab9940c569c8d1809df7eea9a1a1378d054311901e42a6d5bThis Metasploit module allows remote command execution on the w3tw0rk / Pitbul IRC Bot.
a66d2214cda0b74148ccafd0385d0e911312b00a6a8e83f79d778d3df8c97ac7PCMan FTP Server version 2.0.7 PUT command buffer overflow exploit that spawns a bindshell on tcp/9988.
079e0b6e1b52360946c41880b50c6c8953ec9da37460c0897e1787cb1c5cd5bcRealTimes (Realplayer) versions 18.0.1.6 and below suffer from a desktop service trusted path privilege escalation vulnerability.
a464f6ef7f8e5ab701f2dd718de925bb0e3201cd2c1a94efc90b3b217d06f0bcDreamBox DM500s suffers from a cross site scripting vulnerability.
1fb8f30202be86e4f413656dff4cb65aee9c8bc5f7089efa996a8a1f7afdfbb2Simple proof of concept tool to leverage remote code execution on the Legend perl IRC bot.
7ed64a03ba8a28e4a3162e46f413835566f71dbc30233138782e899686ac85d9Proof of concept exploit for the Pitbull and w3tw0rk IRC bots that takes over the owner of a bot which then allows for remote code execution.
25d37202a1a216b2b3b0ea44f8cc962fb754a7bbee64d6160acc06a8185d216aBackup File Finder is a discovery module for Recon-NG that checks hosts for exposed backup files. The default configuration searches for wp-config.php files which contain WordPress database configuration information.
e2a1b50ffde6e78f47fb1689941867580a665c3ad6ca97dc73fe66d832856946Interesting File Finder is a discovery module for Recon-NG framework which checks hosts for interesting files in predictable locations.
ba1e26712709fcad3a38f2e0d4785244718cd606547b70a24fcd141746e55868This is a Webwiz Rich Text Editor file upload page discovery module for Recon-NG.
865eb4c812edca67575bd0f50b8854c158f04d5a59f498bb0dcc994a35bcecf6GenericRestaurantMenu is a discovery module for Recon-NG that looks for Menu Categories Editor page vulnerabilities including SQL injection.
f943a5ee2c3e7871721b443d21b01ae5f16ce393bf8c4fcfe241ffc0046144ffThis is a vulnerability checking script for Recon-NG that looks for hosts with a Dot Net Nuke fcklinkgallery page that allows for a remote shell upload.
ed7c15cc25a3447557533bfd64be83d545b106112fe7ad39f81e52e6935755c3This Metasploit module allows remote command execution on the PHP IRC bot pbot by abusing the usage of eval() in the implementation of the .php command. In order to work, the data to connect to the IRC server and channel where find pbot must be provided. The module has been successfully tested on the version of pbot analyzed by Jay Turla, and published on Infosec Institute, running over Ubuntu 10.04 and Windows XP SP3.
af5927c4e9d6a607a05e48844259bb81f722ee9404fcdab77834d99f0a04d614
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed