Showing 51 - 75 of 490

Files Date: 2024-08-31 to 2024-08-31

SNMP Community Login Scanner
Posted Aug 31, 2024
Authored by H D Moore | Site metasploit.com

This Metasploit module logs in to SNMP devices using common community names.

tags | exploit
advisories | CVE-1999-0508, CVE-1999-0516, CVE-1999-0517
SHA-256 | c3b32da7b3f73a2695ea0071176d4548e0e31cb363a8d8f25ea7e5071d7511bf
Cisco IOS SNMP File Upload
Posted Aug 31, 2024
Authored by ct5595, pello | Site metasploit.com

This Metasploit module will copy a file to a Cisco IOS device using SNMP and TFTP. The action Override_Config will override the running config of the Cisco device. A read-write SNMP community is required. The SNMP community scanner module can assist in identifying a read-write community. The target must be able to connect back to the Metasploit system, and the use of NAT will cause the TFTP transfer to fail.

tags | exploit
systems | cisco, ios
SHA-256 | 7eeeea39495bb0506e8dd6737a909256f8635d57c2d508f012028d9e06b615e2
Arris DG950A Cable Modem Wifi Enumeration
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module will extract WEP keys and WPA preshared keys from Arris DG950A cable modems.

tags | exploit
advisories | CVE-2014-4863
SHA-256 | d80318ca2507c71cc45d58033d00078c59228b758e111efc783c4836018dedeb
Cambium EPMP 1000 SNMP Enumeration
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

Cambium devices (ePMP, PMP, Force, and others) can be administered using SNMP. The device configuration contains IP addresses, keys, and passwords, amongst other information. This Metasploit module uses SNMP to extract Cambium ePMP device configuration. On certain software versions, specific device configuration values can be accessed using the SNMP RO string, even though only the SNMP RW string should be able to access them, according to MIB documentation. The module also triggers a full configuration backup and retrieves the backup URL. The configuration file can then be downloaded without authentication. The module has been tested on Cambium ePMP versions 3.5 and prior.

tags | exploit
advisories | CVE-2017-7918, CVE-2017-7922
SHA-256 | e423c9814a9582bc78a26bab817bae130b1ae20bb6195afb5cb32be7f3d2bbf4
Ubee DDW3611b Cable Modem Wifi Enumeration
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module will extract WEP keys and WPA preshared keys from certain Ubee cable modems.

tags | exploit
SHA-256 | b468ec7bc878a4710e4135434c674ab12603c0d49237572791b6910de5a8924c
Netopia 3347 Cable Modem Wifi Enumeration
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module extracts WEP keys and WPA preshared keys from certain Netopia cable modems.

tags | exploit
SHA-256 | 4b56eb0f0a739ad79361497f2955ef03bd26935c14ab3002cd743d29cbe2c57f
Gather Steam Server Information
Posted Aug 31, 2024
Authored by Jon Hart | Site metasploit.com

This Metasploit module uses the A2S_INFO request to obtain information from a Steam server.

tags | exploit
SHA-256 | 89416cc9f5e46168342e202b91b47b3ba9094801247b2522d376fc12181782f1
Gather Quake Server Information
Posted Aug 31, 2024
Authored by Jon Hart | Site metasploit.com

This Metasploit module uses the getstatus or getinfo request to obtain information from a Quake server.

tags | exploit
SHA-256 | fd233ad07c22d603334cbcada818c4cd262bc96c7e0eafee383c9bd9e61e7adf
Gather Kademlia Server Information
Posted Aug 31, 2024
Authored by Jon Hart | Site metasploit.com

This Metasploit module uses the Kademlia BOOTSTRAP and PING messages to identify and extract information from Kademlia-speaking UDP endpoints, typically belonging to eMule/eDonkey/BitTorrent servers or other P2P applications.

tags | exploit, udp
SHA-256 | eba8248b7c5e0ccdd26ca05535b352545a47360c55fc0541e56ac36a0e461848
CouchDB Enum Utility
Posted Aug 31, 2024
Authored by Roberto S. Soares, Max Justicz, Green-m, Hendrik Van Belleghem | Site metasploit.com

This Metasploit module enumerates databases on CouchDB using the REST API (without authentication by default).

tags | exploit
advisories | CVE-2017-12635
SHA-256 | 2942d69e8cd376e67d7cb3531714d06e9b22d6dd3d9fe3f3f432e8930a09dad3
Native DNS Spoofer
Posted Aug 31, 2024
Authored by RageLtMan | Site metasploit.com

This Metasploit module provides a Rex-based DNS service to resolve queries intercepted via the capture mixin. Configure STATIC_ENTRIES to contain the host-name mappings desired for spoofing, using a hosts file or space/semicolon separated entries. In the default configuration, the service operates as a normal native DNS server, with the exception of consuming from and writing to the wire as opposed to a listening socket. It works best when compromising routers or spoofing L2 in order to prevent return of the real reply, which causes a race condition. The method by which replies are filtered is up to the user (though iptables works fine).

tags | exploit, spoof
SHA-256 | 71e4d2818ec569938e36585e1b0d07898002ea3f2dff530fe215ae9b8a7dabc6
NetBIOS Name Service Spoofer
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module forges NetBIOS Name Service (NBNS) responses. It will listen for NBNS requests sent to the local subnet's broadcast address and spoof a response, redirecting the querying machine to an IP of the attacker's choosing. Combined with auxiliary/server/capture/smb or auxiliary/server/capture/http_ntlm, it is a highly effective means of collecting crackable hashes on common networks. This Metasploit module must be run as root and will bind to udp/137 on all interfaces.

tags | exploit, local, root, udp, spoof
SHA-256 | ff6e3182c34b77e4130a88264f526ca39f573748ca673f54fe46407ea6bf712a
Amazon Fire TV YouTube Remote Control
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module acts as a simple remote control for the Amazon Fire TV's YouTube app. Tested on the Amazon Fire TV Stick.

tags | exploit, remote
SHA-256 | 69fb41ab585fc6b28e37188b07a1a70fbaf2484bcbddc9b47819529c298b422e
HP Data Protector 6.1 EXEC_CMD Command Execution
Posted Aug 31, 2024
Authored by Wireghoul, sinn3r, ch0ks, c4an | Site metasploit.com

This Metasploit module exploits HP Data Protector's omniinet process, specifically against a Windows setup. When an EXEC_CMD packet is sent, omniinet.exe will attempt to look for that user-supplied filename with kernel32!FindFirstFileW(). If the file is found, the process will then go ahead and execute it with CreateProcess() under a new thread. If the filename isn't found, FindFirstFileW() will throw an error (0x03), and the process then bails early without triggering CreateProcess(). Because of these behaviors, if you try to supply an argument, FindFirstFileW() will look at that as part of the filename, and then bail. Please note that when you specify the CMD option, the base path begins under C:\.

tags | exploit
systems | windows
advisories | CVE-2011-0923
SHA-256 | d60f9ecfdd7e75b911a02d2e3e9f7e6e28eb00b4db11022e93bc1c7e16bb9722
HP ILO 4 1.00-2.50 Authentication Bypass Administrator Account Creation
Posted Aug 31, 2024
Site metasploit.com

This Metasploit module exploits an authentication bypass in HP iLO 4 1.00 to 2.50, triggered by a buffer overflow in the Connection HTTP header handling by the web server. Exploiting this vulnerability gives full access to the REST API, allowing arbitrary account creation.

tags | exploit, web, overflow, arbitrary
advisories | CVE-2017-12542
SHA-256 | 307468ecf285c6317f2e172728ad61a604fe9d31aa424fe525723ac69384bc9e
HP Intelligent Management SOM Account Creation
Posted Aug 31, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the AccountService RpcServiceServlet from the SOM component, in order to create a SOM account with Account Management permissions. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.2 E0401 and 5.1 E202 with SOM 5.2 E0401 and SOM 5.1 E0201 over Windows 2003 SP2.

tags | exploit
systems | windows
advisories | CVE-2013-4824
SHA-256 | f80f182bd3efcc931cc161e517ad609080f18fbbea524563033651e7394cda0f
Veritas Backup Exec Windows Remote File Access
Posted Aug 31, 2024
Authored by H D Moore, temp66 | Site metasploit.com

This Metasploit module abuses a logic flaw in the Backup Exec Windows Agent to download arbitrary files from the system. This flaw was found by someone who wishes to remain anonymous and affects all known versions of the Backup Exec Windows Agent. The output file is in MTF format, which can be extracted by the NTKBUp program listed in the references section. To transfer an entire directory, specify a path that includes a trailing backslash.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2005-2611
SHA-256 | 226940d66a9c4cacaf0a73b81c75fdaea375765b84cbee186b391bbf5c6295da
Veritas Backup Exec Server Registry Access
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits a remote registry access flaw in the BackupExec Windows Server RPC service. This vulnerability was discovered by Pedram Amini and is based on the NDR stub information posted to openrce.org. Please see the action list for the different attack modes.

tags | exploit, remote, registry
systems | windows
advisories | CVE-2005-0771
SHA-256 | 2138587ae325bae6523fe264b536da7ed9c42e45e7490c135d46a8a92061e574
SerComm Device Configuration Dump
Posted Aug 31, 2024
Authored by Eloi Vanderbeken, Matt hostess Andreko | Site metasploit.com

This Metasploit module will dump the configuration of several SerComm devices. These devices typically include routers from NetGear and Linksys. This Metasploit module was tested successfully against the NetGear DG834 series ADSL modem router.

tags | exploit
SHA-256 | 25a4eddb35b4a76fb51f6bd4a6423eea5144ca5cf055ff014cfd5dbb69591022
NetBIOS Response Brute Force Spoof
Posted Aug 31, 2024
Authored by H D Moore, TombKeeper, vvalien | Site metasploit.com

This Metasploit module continuously spams NetBIOS responses to a target for a given hostname, causing the target to cache a malicious address for this name. On high-speed local networks, the PPSRATE value should be increased to speed up this attack. As an example, a value of around 30,000 is almost 100% successful when spoofing a response for a WPAD lookup. Distant targets may require more time and lower rates for a successful attack.

tags | exploit, local, spoof
SHA-256 | 4c46a17b6b28a0831bd545f008514748b910a2c34d2ae38a4055e1330ff321bc
Novell EDirectory EMBox Unauthenticated File Access
Posted Aug 31, 2024
Authored by Nicob, MC, sinn3r | Site metasploit.com

This Metasploit module will access Novell eDirectory's eMBox service and can run the following actions via the SOAP interface: GET_DN, READ_LOGS, LIST_SERVICES, STOP_SERVICE, START_SERVICE, SET_LOGFILE.

tags | exploit
advisories | CVE-2008-0926
SHA-256 | 6f3159d4e22911966229228c779f6b480d4899bc7ad4b88645ca6777cfbc71f7
Novell EDirectory DHOST Predictable Session Cookie
Posted Aug 31, 2024
Authored by H D Moore | Site metasploit.com

This Metasploit module is able to predict the next session cookie value issued by the DHOST web service of Novell eDirectory 8.8.5. An attacker can run this module, wait until the real administrator logs in, then specify the predicted cookie value to hijack their session.

tags | exploit, web
advisories | CVE-2009-4655
SHA-256 | 28766d01f38ae419f2e9cd76f297d8ac56df2a94fb287f8aae22c02263aa6efa
TYPO3 Sa-2009-001 Weak Encryption Key File Disclosure
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits a flaw in the TYPO3 encryption key creation process to allow for file disclosure in the jumpUrl mechanism. This flaw can be used to read any file that the web server user account has access to view.

tags | exploit, web
advisories | CVE-2009-0255
SHA-256 | 46f4945dc23426c604a5c5f50f175eb456147c30dcc824a0e732f945e0b7b55f
Mutiny 5 Arbitrary File Read And Delete
Posted Aug 31, 2024
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits the EditDocument servlet from the frontend on the Mutiny 5 appliance. The EditDocument servlet provides file operations, such as copy and delete, which are affected by a directory traversal vulnerability. Because of this, any authenticated frontend user can read and delete arbitrary files from the system with root privileges. In order to exploit the vulnerability, a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance.

tags | exploit, web, arbitrary, root
advisories | CVE-2013-0136
SHA-256 | d3b96cef983073a378f5d44a96a275b1a30b7aaa70f28edd1fb2d4b093beab71
NETGEAR ProSafe Network Management System 300 Authenticated File Download
Posted Aug 31, 2024
Authored by Pedro Ribeiro | Site metasploit.com

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file download vulnerability that can be exploited by an authenticated remote attacker to download any file in the system. This Metasploit module has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.

tags | exploit, remote
systems | windows
advisories | CVE-2016-1524
SHA-256 | 7b6ab6ffa9844979171a203a6fb43f5906cc96114b0f4b811979aee8938f1df6
© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close