Twenty Year Anniversary
Showing 1 - 10 of 10 RSS Feed

Files Date: 2017-04-17

Microsoft Windows MS17-010 SMB Remote Code Execution
Posted Apr 17, 2017
Authored by Sean Dillon | Site

This Metasploit module uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it connects to the IPC$ tree and attempts a transaction on FID 0. If the status returned is "STATUS_INSUFF_SERVER_RESOURCES", the machine does not have the MS17-010 patch. This Metasploit module does not require valid SMB credentials in default server configurations. It can log on as the user "\" and connect to IPC$.

tags | exploit, info disclosure
advisories | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
MD5 | 89159784c9ed66494a7cec42e5285517
Blue Team Training Toolkit (BT3) 2.2
Posted Apr 17, 2017
Authored by Juan J. Guelfo | Site

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: This release focuses on usability. New commands have been implemented, and error messages related to API operations are now more descriptive.
tags | tool, python
systems | unix
MD5 | 25b5c99f377d029bc54e7c2f708d20b1
Watchguard Firebox / XTM XXE Injection
Posted Apr 17, 2017
Authored by David Fernandez

Watchguard's Firebox and XTM appliances suffer from XML external entity injection and XML-RPC user enumeration vulnerabilities.

tags | exploit, vulnerability
MD5 | fc81bd26428ae0fa35796c34f171c13a
Huawei HG532n Command Injection
Posted Apr 17, 2017
Authored by Ahmed S. Darwish | Site

This Metasploit module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used here to expose the router's telnet port to the outside world through NAT port-forwarding. With telnet now remotely accessible, the router's limited "ATP command line tool" (served over telnet) can be upgraded to a root shell through an injection into the ATP's hidden "ping" command.

tags | exploit, web, shell, root
MD5 | 5846ef508d85837a4608f1c94c201d64
360-FAAR Firewall Analysis Audit And Repair 0.6.2
Posted Apr 17, 2017
Authored by Dan Martin | Site

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release fixes the bug in the cisco asa drop log parser that missed %ASA-6-106100. Various other updates.
tags | tool, perl
systems | unix
MD5 | b89c2831979ada2d1e3b0440139a40b5
CVE-2017-0199 Practical Exploitation
Posted Apr 17, 2017
Authored by David Routin

This article documents practical exploitation of CVE-2017-0199 and includes a proof of concept.

tags | exploit, proof of concept
advisories | CVE-2017-0199
MD5 | b03e34017c4b989f9ac59f7b459a5cfe
Microsoft Word RTF Remote Code Execution
Posted Apr 17, 2017
Authored by Bhadresh Patel

Microsoft Word RTF remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2017-0199
MD5 | f937dc70e4f902d07449912a173ea332
WinSCP 5.9.4 LIST Denial Of Service
Posted Apr 17, 2017
Authored by M. Ibrahim | Site

This Metasploit module will cause a denial of service condition against the WinSCP version 5.9.4 client using the LIST command.

tags | exploit, denial of service
MD5 | 0790610643d9c770d4cffd690299dfe0
VirusChaser 8.0 Buffer Overflow
Posted Apr 17, 2017
Authored by 0x41Li

VirusChaser version 8.0 SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | a49d7be8ab96a87009c882fc28adc47d
Web Services Penetration Testing
Posted Apr 17, 2017
Authored by Firat Celal Erdik, Mert Tasci

This is a whitepaper that discussing penetration testing against web services. Written in Turkish.

tags | paper, web
MD5 | 0d44214ba96b783c46bbca2a6e34d070
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    2 Files
  • 23
    Apr 23rd
    17 Files
  • 24
    Apr 24th
    24 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By