exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 490 RSS Feed

Files Date: 2024-08-31 to 2024-08-31

NTP Mode 6 UNSETTRAP DRDoS Scanner
Posted Aug 31, 2024
Authored by Jon Hart | Site metasploit.com

This Metasploit module identifies NTP servers which permit mode 6 UNSETTRAP requests that can be used to conduct DRDoS attacks. In some configurations, NTP servers will respond to UNSETTRAP requests with multiple packets, allowing remote attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic amplification) via spoofed requests.

tags | exploit, remote, denial of service, spoof
advisories | CVE-2013-5211
SHA-256 | 31621f3b6adf84cb730b81f9bedd0d5ea28c3b18ec44bdae7f848cc723eb9ddb
NTP Monitor List Scanner
Posted Aug 31, 2024
Authored by H D Moore | Site metasploit.com

This Metasploit module identifies NTP servers which permit "monlist" queries and obtains the recent clients list. The monlist feature allows remote attackers to cause a denial of service (traffic amplification) via spoofed requests. The more clients there are in the list, the greater the amplification.

tags | exploit, remote, denial of service, spoof
advisories | CVE-2013-5211
SHA-256 | a5bd2be6d6639dad2ac8a8c5aadde7826dba8b96423872299961fe6135ef827c
NTP Mode 7 PEER_LIST_SUM Denial Of Service Scanner
Posted Aug 31, 2024
Authored by Jon Hart | Site metasploit.com

This Metasploit module identifies NTP servers which permit "PEER_LIST_SUM" queries and return responses that are larger in size or greater in quantity than the request, allowing remote attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic amplification) via spoofed requests.

tags | exploit, remote, denial of service, spoof
advisories | CVE-2013-5211
SHA-256 | 273e8598ce4a789ce6d57d34e58ef98d7869ba325e655e50c1718bbe3ecde008
NTP Clock Variables Disclosure
Posted Aug 31, 2024
Authored by Jon Hart | Site metasploit.com

This Metasploit module reads the system internal NTP variables. These variables contain potentially sensitive information, such as the NTP software version, operating system version, peers, and more.

tags | exploit
advisories | CVE-2013-5211
SHA-256 | e16cfa3e8bfd6d9000e68d4cbf6b3255490ec60c03ecb58123181f76af392248
NTP Mode 6 REQ_NONCE DRDoS Scanner
Posted Aug 31, 2024
Authored by Jon Hart | Site metasploit.com

This Metasploit module identifies NTP servers which permit mode 6 REQ_NONCE requests that can be used to conduct DRDoS attacks. In some configurations, NTP servers will respond to REQ_NONCE requests with a response larger than the request, allowing remote attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic amplification) via spoofed requests.

tags | exploit, remote, denial of service, spoof
advisories | CVE-2013-5211
SHA-256 | 7c04588bd861a077918678e95f126ec5037b6e8df43ffb7afd4db2bd791c1733
NTP NAK To The Future
Posted Aug 31, 2024
Authored by Jon Hart, Matthew Van Gundy | Site metasploit.com

Crypto-NAK packets can be used to cause ntpd to accept time from unauthenticated ephemeral symmetric peers by bypassing the authentication required to mobilize peer associations. This Metasploit module sends these Crypto-NAK packets in order to establish an association between the target ntpd instance and the attacking client. The end goal is to cause ntpd to declare the legitimate peers "false tickers" and choose the attacking clients as the preferred peers, allowing these peers to control time.

tags | exploit, crypto
advisories | CVE-2015-7871
SHA-256 | 6e2bb149f0c9a147fad33b95c5cfbcc5e8373753ed367acdeb9fa2b34bc84d4a
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
Posted Aug 31, 2024
Authored by juan vazquez, Craig Young, Masashi Kikuchi | Site metasploit.com

This Metasploit module checks for the OpenSSL ChangeCipherSpec (CCS) Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this vulnerability to perform a man-in-the-middle (MITM) attack by downgrading the cipher spec between a client and server. This issue was first reported in early June, 2014.

tags | exploit
advisories | CVE-2014-0224
SHA-256 | 50d2ae16c07b123362ddd9c4123d103a1aaf098f3776f32cfd170977a46bd234
PostgreSQL Database Name Command Line Flag Injection
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module can identify PostgreSQL 9.0, 9.1, and 9.2 servers that are vulnerable to command-line flag injection through CVE-2013-1899. This can lead to denial of service, privilege escalation, or even arbitrary code execution.

tags | exploit, denial of service, arbitrary, code execution
advisories | CVE-2013-1899
SHA-256 | 85635e053df5e304bbf5196ce9efa74067c05cc8dd4eb7e8f6f3808c60813a49
Varnish Cache CLI Login Utility
Posted Aug 31, 2024
Authored by h00die, aushack | Site metasploit.com

This Metasploit module attempts to login to the Varnish Cache (varnishd) CLI instance using a bruteforce list of passwords.

tags | exploit
advisories | CVE-2009-2936
SHA-256 | 8e3762c08b09fcbd9c54cc1f7bc026ff226ffde59424745f6b3b8190cd4dfb6c
Varnish Cache CLI File Read
Posted Aug 31, 2024
Authored by patrick, h00die | Site metasploit.com

This Metasploit module attempts to read the first line of a file by abusing the error message when compiling a file with vcl.load.

tags | exploit
advisories | CVE-2009-2936
SHA-256 | 686a425c40952290c7d61f15e0ffd8773aab2cc417d5a6790a52366d7dd49413
Chargen Probe Utility
Posted Aug 31, 2024
Authored by Matteo Cantoni | Site metasploit.com

Chargen is a debugging and measurement tool and a character generator service. A character generator service simply sends data without regard to the input. Chargen is susceptible to spoofing the source of transmissions as well as use in a reflection attack vector. The misuse of the testing features of the Chargen service may allow attackers to craft malicious network payloads and reflect them by spoofing the transmission source to effectively direct it to a target. This can result in traffic loops and service degradation with large amounts of network traffic.

tags | exploit, spoof
advisories | CVE-1999-0103
SHA-256 | 52953bf9fe3f79cb5c689f464333697b3fc90f8deb33819929445f342870c0ae
Brocade Enable Login Check Scanner
Posted Aug 31, 2024
Authored by h00die | Site metasploit.com

This Metasploit module will test a range of Brocade network devices for a privileged logins and report successes. The device authentication mode must be set as aaa authentication enable default local. Telnet authentication, e.g. enable telnet authentication, should not be enabled in the device configuration. This Metasploit module has been tested against the following devices: ICX6450-24 SWver 07.4.00bT311, FastIron WS 624 SWver 07.2.02fT7e1.

tags | exploit, local
advisories | CVE-1999-0502
SHA-256 | ba6b7cde5c851324e0b62a255e70f86705bd185a26c3b4c57efe862f59094ea7
Telnet Service Encryption Key ID Overflow Detection
Posted Aug 31, 2024
Authored by H D Moore, Jaime Penalba | Site metasploit.com

Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd).

tags | exploit, overflow
systems | bsd
advisories | CVE-2011-4862
SHA-256 | 801a2a0bc2125f7e99eba56579ca138bcbadf4fa4fc437391f1bcb094a53e493
Satel Iberia SenNet Data Logger And Electricity Meters Command Injection
Posted Aug 31, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an OS Command Injection vulnerability in Satel Iberia SenNet Data Loggers and Electricity Meters to perform arbitrary command execution as root.

tags | exploit, arbitrary, root
advisories | CVE-2017-6048
SHA-256 | 5df4a9c4167f240a3d070d03d8d0e146532998c8387bae034befc386cfb709d1
Lantronix Telnet Password Recovery
Posted Aug 31, 2024
Authored by jgor | Site metasploit.com

This Metasploit module retrieves the setup record from Lantronix serial-to-ethernet devices via the config port (30718/udp, enabled by default) and extracts the telnet password. It has been tested successfully on a Lantronix Device Server with software version V5.8.0.1.

tags | exploit, udp
SHA-256 | 774029efa2fb513cbd66b5dcfba4523e04a8ee3ca0b2443ec30d09c92aba2529
RuggedCom Telnet Password Generator
Posted Aug 31, 2024
Authored by jc, Borja Merino | Site metasploit.com

This Metasploit module will calculate the password for the hard-coded hidden username "factory" in the RuggedCom Rugged Operating System (ROS). The password is dynamically generated based on the devices MAC address.

tags | exploit
advisories | CVE-2012-1803
SHA-256 | c2e2eaffaaf6dfc37d651baafa2013471ebe68045fd115839cdbf477361fe5de
Unitronics PCOM Client
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

Unitronics Vision PLCs allow unauthenticated PCOM commands to query PLC registers.

tags | exploit
SHA-256 | ad74cc35159b954896186d7e62a20c07e6ac64466c1320992f5f71422d481909
Sielco Sistemi Winlog Remote File Access
Posted Aug 31, 2024
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal in Sielco Sistemi Winlog. The vulnerability exists in the Runtime.exe service and can be triggered by sending a specially crafted packet to the 46824/TCP port. This Metasploit module has been successfully tested on Sielco Sistemi Winlog Lite 2.07.14.

tags | exploit, tcp
advisories | CVE-2012-4356
SHA-256 | b86031eb554a91e334141d55bf93e4dd76814f3ae6c789b063d6cd6424f4986a
Moxa UDP Device Discovery
Posted Aug 31, 2024
Authored by Patrick DeSantis | Site metasploit.com

The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines. A discovery packet compels a Moxa device to respond to the sender with some basic device information that is needed for more advanced functions. The discovery data is 8 bytes in length and is the most basic example of the Moxa protocol. It may be sent out as a broadcast (destination 255.255.255.255) or to an individual device. Devices that respond to this query may be vulnerable to serious information disclosure vulnerabilities, such as CVE-2016-9361. The module is the work of Patrick DeSantis of Cisco Talos and is derived from original work by K. Reid Wightman. Tested and validated on a Moxa NPort 6250 with firmware versions 1.13 and 1.15.

tags | exploit, udp, vulnerability, protocol, info disclosure
systems | cisco
advisories | CVE-2016-9361
SHA-256 | 98b6bc9ac986f9cabba0156932ffefd60159a96b8107e1d9b3448bedd300ff36
Indusoft WebStudio NTWebServer Remote File Access
Posted Aug 31, 2024
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in Indusoft WebStudio. The vulnerability exists in the NTWebServer component and allows to read arbitrary remote files with the privileges of the NTWebServer process. The module has been tested successfully on Indusoft WebStudio 6.1 SP6.

tags | exploit, remote, arbitrary
advisories | CVE-2011-1900
SHA-256 | d242b8007726d97afc7ca45d4fdc57dd3eea44c1e53c5a4a3eff01999ce2fbaa
Koyo DirectLogic PLC Password Brute Force Utility
Posted Aug 31, 2024
Authored by Tod Beardsley, K. Reid Wightman | Site metasploit.com

This Metasploit module attempts to authenticate to a locked Koyo DirectLogic PLC. The PLC uses a restrictive passcode, which can be A0000000 through A9999999. The "A" prefix can also be changed by the administrator to any other character, which can be set through the PREFIX option of this module. This Metasploit module is based on the original koyobrute.rb Basecamp module from DigitalBond.

tags | exploit
SHA-256 | aec78b92195bf4c9c28e103cf974f233901b700547dfefd61da7b7042b020860
CVE-2019-0708 BlueKeep Microsoft Remote Desktop Remote Code Execution Check
Posted Aug 31, 2024
Authored by Tom Sellers, zerosum0x0, JaGoTu, National Cyber Security Centre | Site metasploit.com

This Metasploit module checks a range of hosts for the CVE-2019-0708 vulnerability by binding the MS_T120 channel outside of its normal slot and sending non-DoS packets which respond differently on patched and vulnerable hosts. It can optionally trigger the DoS vulnerability.

tags | exploit, denial of service
advisories | CVE-2019-0708
SHA-256 | 6a4a44bfa015ee1e424da3c229e217a013236f2eec5a985ec1f2d2bbef888f5f
MS12-020 Microsoft Remote Desktop Checker
Posted Aug 31, 2024
Authored by Brandon McCann, Royce Davis R3dy | Site metasploit.com

This Metasploit module checks a range of hosts for the MS12-020 vulnerability. This does not cause a DoS on the target.

tags | exploit
advisories | CVE-2012-0002
SHA-256 | 8af29fc18715a26cabbd8050a6eb7d7d09d6e5b2f6a5c4dbb175fc6d6bd10023
Microsoft Windows Deployment Services Unattend Retrieval
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module retrieves the client unattend file from Windows Deployment Services RPC service and parses out the stored credentials. Tested against Windows 2008 R2 x64 and Windows 2003 x86.

tags | exploit, x86
systems | windows
SHA-256 | 0c3608ed8e91cd81229126b5a544cf3c0daccefc7901b1b5255f67bbdbafd3f7
Memcached Stats Amplification Scanner
Posted Aug 31, 2024
Authored by Jon Hart, xistence, Marek Majkowski | Site metasploit.com

This Metasploit module can be used to discover Memcached servers which expose the unrestricted UDP port 11211. A basic "stats" request is executed to check if an amplification attack is possible against a third party.

tags | exploit, udp
advisories | CVE-2018-1000115
SHA-256 | cb5539054159e5bd7eb5991e8ba1abaed61e1b1644670a36b4815d24c61a9cab
Page 1 of 20
Back12345Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close