exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2017-04-17 to 2017-04-18

Microsoft Windows MS17-010 SMB Remote Code Execution
Posted Apr 17, 2017
Authored by Sean Dillon | Site metasploit.com

This Metasploit module uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it connects to the IPC$ tree and attempts a transaction on FID 0. If the status returned is "STATUS_INSUFF_SERVER_RESOURCES", the machine does not have the MS17-010 patch. This Metasploit module does not require valid SMB credentials in default server configurations. It can log on as the user "\" and connect to IPC$.

tags | exploit, info disclosure
advisories | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
SHA-256 | 406793a6d738119ccb6d6413edb253d56dcc7567c30b9802bc8d69cb7209cb0b
Blue Team Training Toolkit (BT3) 2.2
Posted Apr 17, 2017
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: This release focuses on usability. New commands have been implemented, and error messages related to API operations are now more descriptive.
tags | tool, python
systems | unix
SHA-256 | 6452693362cf081a653c9da4094f4cd28eed8a27db00338da17456c5600822b3
Watchguard Firebox / XTM XXE Injection
Posted Apr 17, 2017
Authored by David Fernandez

Watchguard's Firebox and XTM appliances suffer from XML external entity injection and XML-RPC user enumeration vulnerabilities.

tags | exploit, vulnerability, xxe
SHA-256 | 947dba226b2f6a9ad24e1b5e7af199cf29a3450764e88c890268dcb7b1cd44c2
Huawei HG532n Command Injection
Posted Apr 17, 2017
Authored by Ahmed S. Darwish | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used here to expose the router's telnet port to the outside world through NAT port-forwarding. With telnet now remotely accessible, the router's limited "ATP command line tool" (served over telnet) can be upgraded to a root shell through an injection into the ATP's hidden "ping" command.

tags | exploit, web, shell, root
SHA-256 | 13f129a4c5fe898ac3c2bbe4698d84747643595b279f6dd5ed13bb1e7817b43b
360-FAAR Firewall Analysis Audit And Repair 0.6.2
Posted Apr 17, 2017
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release fixes the bug in the cisco asa drop log parser that missed %ASA-6-106100. Various other updates.
tags | tool, perl
systems | unix
SHA-256 | 9530e7f9edc52dc222597d903ee4f6797a20b6cccb765503b6c3082408e9d386
CVE-2017-0199 Practical Exploitation
Posted Apr 17, 2017
Authored by David Routin

This article documents practical exploitation of CVE-2017-0199 and includes a proof of concept.

tags | exploit, proof of concept
advisories | CVE-2017-0199
SHA-256 | 7e95162e6d74646b2e07b57b6589a73c89a2105aa6fc97d5f1fd7552b825222e
Microsoft Word RTF Remote Code Execution
Posted Apr 17, 2017
Authored by Bhadresh Patel

Microsoft Word RTF remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2017-0199
SHA-256 | e3af621ee635b743874aebf34413bfde2f9b300518dd7ab7af4dfce56b891d5c
WinSCP 5.9.4 LIST Denial Of Service
Posted Apr 17, 2017
Authored by M. Ibrahim | Site metasploit.com

This Metasploit module will cause a denial of service condition against the WinSCP version 5.9.4 client using the LIST command.

tags | exploit, denial of service
SHA-256 | 70b4a4f4603ab9597bca18a248bf1413f07aecd0e5667bd5fd8aae0701e0f356
VirusChaser 8.0 Buffer Overflow
Posted Apr 17, 2017
Authored by 0x41Li

VirusChaser version 8.0 SEH buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 55d4edfc5e560528047e28f4aa656ddf9ae557f65bf055d9001a301986a25b69
Web Services Penetration Testing
Posted Apr 17, 2017
Authored by Firat Celal Erdik, Mert Tasci

This is a whitepaper that discussing penetration testing against web services. Written in Turkish.

tags | paper, web
SHA-256 | 4883e0979bed91e02253acc95f59113aa6d85ba94b5cdfa5e26ea275754dd7e0
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close