This Metasploit module uses a dictionary to brute force valid TFTP image names from a TFTP server.
6284438cb9f0c3958553eb9816c55a7cf74d98495f046bb70da9516475a8eee5
This Metasploit module exploits a directory traversal vulnerability in Ipswitch WhatsUp Gold's TFTP service.
f52a92979e0cd2467ac4d0bd611f2176dc90cd4fd1fa2d4a2be6f245808683ef
This Metasploit module exploits a directory traversal vulnerability in the NetDecision 4.2 TFTP service.
82ebd3972f559a0e67b990abcd101f061a85f5f36f1cdddb753037f361b6431d
This Metasploit module attempts to retrieve the SID from the Oracle XML DB httpd server, utilizing Pete Finnigan's default Oracle password list.
6768cbd384e045ee9eb89dff4980271590e814f7a058b80be52dccb74ecb3753
This Metasploit module attempts to bruteforce the SID on the Oracle application server iSQL*Plus login pages. It does this by testing Oracle error responses returned in the HTTP response. Incorrect username/pass with a correct SID will produce an Oracle ORA-01017 error. Works against Oracle 9.2, 10.1 and 10.2 iSQL*Plus. This Metasploit module will attempt to fingerprint the version and automatically select the correct POST request.
43ed00b533fa9fa67f34d41215d2bfb5042a798ae610c8ddddbae41d921c2719
This Metasploit module uses a list of well known default authentication credentials to discover easily guessed accounts.
85f12c55152d0a12362d7deb3df43c629ee82af38be615769540464cfb044259
This Metasploit module simply queries the TNS listener for the Oracle SID. With Oracle 9.2.0.8 and above, the listener will be protected and the SID will have to be bruteforced or guessed.
2273dce8943255197fa66720b7e61a0d28b70df18000893f99a9a0d469d033e9
This Metasploit module checks the server for vulnerabilities like TNS Poison. The module sends the server a packet with a command to register a new TNS listener and checks for a response indicating an error. If the registration returns an error, the target is not vulnerable. Otherwise, the target is vulnerable to malicious registrations.
1b8872d062add8e7a4b00ea686271b84b00f02fe96b8ce046075018735518eae
Detect UDP endpoints with UDP amplification vulnerabilities.
4b266aac321033bf9bd912f59c5fbdf160afa5b657e7351b0616cbfb0a87e10b
This Metasploit module detects VxWorks and the IPnet IP stack, along with devices vulnerable to CVE-2019-12258.
6f4e528ea0cb7372e3bdf497488748f966e28e300b72e0d74701650b47070ef8
A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
cb133e8ec1ab0a1c2ef2e261014a4116110c288c8c180ccb796a35046f0cc70e
This Metasploit module queries the etcd API to recursively retrieve all of the stored key value pairs. Etcd by default does not utilize authentication.
da0dd53b50d563c3f71695c1da8416749c3880fd22812664e9eff0cc429005b2
This Metasploit module exploits the VMware Server directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5, which allows remote attackers to read arbitrary files. Common VMware server ports are 80/8222 and 443/8333 (SSL). If you want to download the entire VM, check out the gueststealer tool.
bf4996e1f6f3d4417cdbcd16d228ae272229ab37892c242643b5db9693969a42
This Metasploit module attempts to authenticate to the VMware HTTP service for VMware Server, ESX, and ESXi.
da7e0e93abb5ebe43d5c6d76481044fac0402a4036288f4f48749e34aeff12c0
This Metasploit module exploits a directory traversal vulnerability in VMware Update Manager on port 9084. Versions affected by this vulnerability: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4 Update 4.
141792b0109b73b145e21b04ca6c1e0cd9cb9dfc495904452e3a23caf4459da8
This Metasploit module will log into the Web API of VMware and try to enumerate all the user accounts. If the VMware instance is connected to one or more domains, it will try to enumerate domain users as well.
d10a7b82ed49ee2e3f3284fa2dbc014b623970ce48d7078b155f4fac81c4d3f2
This Metasploit module implements the DLSw information disclosure retrieval. There is a bug in Cisco's DLSw implementation affecting 12.x and 15.x trains that allows an unauthenticated remote attacker to retrieve the partial contents of packets traversing a Cisco router with DLSw configured and active.
8c127ae0566989988fb9b4c5ab25a9378faa865c70eef591a422e2cb3549b141
This Metasploit module checks the provided hosts for the CVE-2023-21554 vulnerability by sending an MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the integer wraps around and, depending on the length, could cause an out-of-bounds write. In the context of this module a response is sent back, which indicates that the system is vulnerable.
a0cddadb1a675fdce4af377d71ed784a8906286c13da03dac1d38aa7dce5ef6b
This Metasploit module fetches AFP server information, including server name, network address, supported AFP versions, signature, machine type, and server flags.
fa285f0ece1b7557f8c6693480b99cb497d29fa7e9f0adb133487c6bccde6227
This Metasploit module attempts to bruteforce authentication credentials for AFP.
08a96f7a9493b11973088749a53772c1d786c20f9886a639955d223a3f7e1a8e
This Metasploit module extracts password hashes from certain Brocade load balancer devices.
5cbdba0bb04c033d9c526c329c2e09d17f583abda5d43ad80845391c96b3f1c6
This Metasploit module will use LanManager/psProcessUsername OID values to enumerate local user accounts on a Windows/Solaris system via SNMP.
ea7e658a877335353b7554a19e204e70c7a6d7f897b1ed37e96aba9e0a2437d3
This Metasploit module allows enumeration of files previously printed. It provides details such as filename, client, timestamp and username information. The default community used is "public".
9711647b0a492a0e8b2bc64b1066906eeb3b80f413bd74b6566a58e6680c1af7
This Metasploit module will do user enumeration based on the Xerox WorkCentre present on the network. SNMP is used to extract the usernames.
da5ea6c992a0d6795be972f3b46c9edebc9a13170eced965aaba7ded4da7822f
Cambium cnPilot r200/r201 devices can be administered using SNMP. The device configuration contains IP addresses, keys, passwords, and lots of juicy information. This Metasploit module exploits an access control flaw, which allows remotely extracting sensitive information such as account passwords, WiFi PSK, and SIP credentials via the SNMP Read-Only (RO) community string.
9480f001d5d38c73f2b17ee1a02d5b5d75d2cdf089831079135d4f294c545469