exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 490 RSS Feed

Files Date: 2024-08-31 to 2024-08-31

TFTP Brute Forcer
Posted Aug 31, 2024
Authored by Antoine Neuenschwander | Site metasploit.com

This Metasploit module uses a dictionary to brute force valid TFTP image names from a TFTP server.

tags | exploit
SHA-256 | 6284438cb9f0c3958553eb9816c55a7cf74d98495f046bb70da9516475a8eee5
IpSwitch WhatsUp Gold TFTP Directory Traversal
Posted Aug 31, 2024
Authored by sinn3r, juan vazquez, Prabhu S Angadi | Site metasploit.com

This Metasploit modules exploits a directory traversal vulnerability in IpSwitch WhatsUp Golds TFTP service.

tags | exploit
advisories | CVE-2011-4722
SHA-256 | f52a92979e0cd2467ac4d0bd611f2176dc90cd4fd1fa2d4a2be6f245808683ef
NetDecision 4.2 TFTP Directory Traversal
Posted Aug 31, 2024
Authored by Rob Kraus, juan vazquez | Site metasploit.com

This Metasploit modules exploits a directory traversal vulnerability in NetDecision 4.2 TFTP service.

tags | exploit
advisories | CVE-2009-1730
SHA-256 | 82ebd3972f559a0e67b990abcd101f061a85f5f36f1cdddb753037f361b6431d
Oracle XML DB SID Discovery Via Brute Force
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module attempts to retrieve the sid from the Oracle XML DB httpd server, utilizing Pete Finnigans default oracle password list.

tags | exploit
SHA-256 | 6768cbd384e045ee9eb89dff4980271590e814f7a058b80be52dccb74ecb3753
Oracle ISQLPlus SID Check
Posted Aug 31, 2024
Authored by Tod Beardsley, CG | Site metasploit.com

This Metasploit module attempts to bruteforce the SID on the Oracle application server iSQL*Plus login pages. It does this by testing Oracle error responses returned in the HTTP response. Incorrect username/pass with a correct SID will produce an Oracle ORA-01017 error. Works against Oracle 9.2, 10.1 and 10.2 iSQL*Plus. This Metasploit module will attempt to fingerprint the version and automatically select the correct POST request.

tags | exploit, web
SHA-256 | 43ed00b533fa9fa67f34d41215d2bfb5042a798ae610c8ddddbae41d921c2719
Oracle Account Discovery
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module uses a list of well known default authentication credentials to discover easily guessed accounts.

tags | exploit
SHA-256 | 85f12c55152d0a12362d7deb3df43c629ee82af38be615769540464cfb044259
Oracle TNS Listener SID Enumeration
Posted Aug 31, 2024
Authored by MC, CG | Site metasploit.com

This Metasploit module simply queries the TNS listener for the Oracle SID. With Oracle 9.2.0.8 and above the listener will be protected and the SID will have to be bruteforced or guessed.

tags | exploit
SHA-256 | 2273dce8943255197fa66720b7e61a0d28b70df18000893f99a9a0d469d033e9
Oracle TNS Listener Checker
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module checks the server for vulnerabilities like TNS Poison. Module sends a server a packet with command to register new TNS Listener and checks for a response indicating an error. If the registration is errored, the target is not vulnerable. Otherwise, the target is vulnerable to malicious registrations.

tags | exploit, vulnerability
advisories | CVE-2012-1675
SHA-256 | 1b8872d062add8e7a4b00ea686271b84b00f02fe96b8ce046075018735518eae
UDP Amplification Scanner
Posted Aug 31, 2024
Authored by Jon Hart | Site metasploit.com

Detect UDP endpoints with UDP amplification vulnerabilities.

tags | exploit, udp, vulnerability
advisories | CVE-2013-5211
SHA-256 | 4b266aac321033bf9bd912f59c5fbdf160afa5b657e7351b0616cbfb0a87e10b
URGENT/11 Scanner, Based On Detection Tool By Armis
Posted Aug 31, 2024
Authored by wvu, Brent Cook, Ben Seri | Site metasploit.com

This Metasploit module detects VxWorks and the IPnet IP stack, along with devices vulnerable to CVE-2019-12258.

tags | exploit
advisories | CVE-2019-12258
SHA-256 | 6f4e528ea0cb7372e3bdf497488748f966e28e300b72e0d74701650b47070ef8
Cisco IKE Information Disclosure
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information.

tags | exploit, remote
systems | cisco, osx, ios
advisories | CVE-2016-6415
SHA-256 | cb133e8ec1ab0a1c2ef2e261014a4116110c288c8c180ccb796a35046f0cc70e
Etcd Keys API Information Gathering
Posted Aug 31, 2024
Authored by h00die, Giovanni Collazo | Site metasploit.com

This Metasploit module queries the etcd API to recursively retrieve all of the stored key value pairs. Etcd by default does not utilize authentication.

tags | exploit
SHA-256 | da0dd53b50d563c3f71695c1da8416749c3880fd22812664e9eff0cc429005b2
VMware Server Directory Traversal
Posted Aug 31, 2024
Authored by CG | Site metasploit.com

This Metasploit modules exploits the VMware Server Directory Traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files. Common VMware server ports 80/8222 and 443/8333 SSL. If you want to download the entire VM, check out the gueststealer tool.

tags | exploit, remote, arbitrary
systems | linux
advisories | CVE-2009-3733
SHA-256 | bf4996e1f6f3d4417cdbcd16d228ae272229ab37892c242643b5db9693969a42
VMWare Web Login Scanner
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXI.

tags | exploit, web
advisories | CVE-1999-0502
SHA-256 | da7e0e93abb5ebe43d5c6d76481044fac0402a4036288f4f48749e34aeff12c0
VMWare Update Manager 4 Directory Traversal
Posted Aug 31, 2024
Authored by Alexey Sintsov, sinn3r | Site metasploit.com

This Metasploit modules exploits a directory traversal vulnerability in VMWare Update Manager on port 9084. Versions affected by this vulnerability: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4 Update 4.

tags | exploit
advisories | CVE-2011-4404
SHA-256 | 141792b0109b73b145e21b04ca6c1e0cd9cb9dfc495904452e3a23caf4459da8
VMWare Enumerate User Accounts
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module will log into the Web API of VMWare and try to enumerate all the user accounts. If the VMware instance is connected to one or more domains, it will try to enumerate domain users as well.

tags | exploit, web
SHA-256 | d10a7b82ed49ee2e3f3284fa2dbc014b623970ce48d7078b155f4fac81c4d3f2
Cisco DLSw Information Disclosure Scanner
Posted Aug 31, 2024
Authored by John McLeod, Tate Hansen, Kyle Rainey | Site metasploit.com

This Metasploit module implements the DLSw information disclosure retrieval. There is a bug in Ciscos DLSw implementation affecting 12.x and 15.x trains that allows an unauthenticated remote attacker to retrieve the partial contents of packets traversing a Cisco router with DLSw configured and active.

tags | exploit, remote, info disclosure
systems | cisco
advisories | CVE-2014-7992
SHA-256 | 8c127ae0566989988fb9b4c5ab25a9378faa865c70eef591a422e2cb3549b141
CVE-2023-21554 QueueJumper - MSMQ Remote Code Execution Check
Posted Aug 31, 2024
Authored by Haifei Li, Wayne Low, Bastian Kanbach | Site metasploit.com

This Metasploit module checks the provided hosts for the CVE-2023-21554 vulnerability by sending a MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the integer wraps around and depending on the length could cause an out-of-bounds write. In the context of this module a response is sent back, which indicates that the system is vulnerable.

tags | exploit, overflow
advisories | CVE-2023-21554
SHA-256 | a0cddadb1a675fdce4af377d71ed784a8906286c13da03dac1d38aa7dce5ef6b
Apple Filing Protocol Info Enumerator
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module fetches AFP server information, including server name, network address, supported AFP versions, signature, machine type, and server flags.

tags | exploit
SHA-256 | fa285f0ece1b7557f8c6693480b99cb497d29fa7e9f0adb133487c6bccde6227
Apple Filing Protocol Login Utility
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module attempts to bruteforce authentication credentials for AFP.

tags | exploit
SHA-256 | 08a96f7a9493b11973088749a53772c1d786c20f9886a639955d223a3f7e1a8e
Brocade Password Hash Enumeration
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module extracts password hashes from certain Brocade load balancer devices.

tags | exploit
SHA-256 | 5cbdba0bb04c033d9c526c329c2e09d17f583abda5d43ad80845391c96b3f1c6
SNMP Windows Username Enumeration
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module will use LanManager/psProcessUsername OID values to enumerate local user accounts on a Windows/Solaris system via SNMP .

tags | exploit, local
systems | windows, solaris
SHA-256 | ea7e658a877335353b7554a19e204e70c7a6d7f897b1ed37e96aba9e0a2437d3
HP LaserJet Printer SNMP Enumeration
Posted Aug 31, 2024
Authored by Matteo Cantoni | Site metasploit.com

This Metasploit module allows enumeration of files previously printed. It provides details as filename, client, timestamp and username information. The default community used is "public".

tags | exploit
SHA-256 | 9711647b0a492a0e8b2bc64b1066906eeb3b80f413bd74b6566a58e6680c1af7
Xerox WorkCentre User Enumeration
Posted Aug 31, 2024
Authored by pello | Site metasploit.com

This Metasploit module will do user enumeration based on the Xerox WorkCentre present on the network. SNMP is used to extract the usernames.

tags | exploit
SHA-256 | da5ea6c992a0d6795be972f3b46c9edebc9a13170eced965aaba7ded4da7822f
Cambium CnPilot R200/r201 SNMP Enumeration
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

Cambium cnPilot r200/r201 devices can be administered using SNMP. The device configuration contains IP addresses, keys, passwords, and lots of juicy information. This Metasploit module exploits an access control flaw, which allows remotely extracting sensitive information such as account passwords, WiFI PSK, and SIP credentials via SNMP Read-Only (RO) community string.

tags | exploit
advisories | CVE-2017-5262
SHA-256 | 9480f001d5d38c73f2b17ee1a02d5b5d75d2cdf089831079135d4f294c545469
Page 2 of 20
Back12345Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close