what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

HP Data Protector EXEC_INTEGUTIL Remote Code Execution
Posted Oct 21, 2014
Authored by Aniway, juan vazquez | Site metasploit.com

This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXEC_INTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible to use an EXEC_INTEGUTIL packet to execute arbitrary code. On linux targets, the perl binary isn't on the restricted directory, but an EXEC_BAR packet can be used to access the perl binary, even in the last version of HP Data Protector for linux. This Metasploit module has been tested successfully on HP Data Protector 9 over Windows 2008 R2 64 bits and CentOS 6 64 bits.

tags | exploit, arbitrary, perl, tcp
systems | linux, windows, centos
SHA-256 | 532410fb174f7f3d0672bb77c79174e37f6739ffde13774940b5b666f7c88240

Related Files

HP Intelligent Management ReportImgServlt Directory Traversal
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the ReportImgServlt, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2012-5203
SHA-256 | fc011d457e4acf956275035f4b8a0451d41e2e13f19438085bac537923b7fe5d
HP Intelligent Management FaultDownloadServlet Directory Traversal
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the FaultDownloadServlet, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2012-5202
SHA-256 | 4afa0137a506369a61e2db708c38b69ad4ed8789d747da63b132480ec19c7b07
HP SiteScope SOAP Call GetSiteScopeConfiguration Configuration Access
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope which allows to retrieve the HP SiteScope configuration, including administrative credentials. It is accomplished by calling the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service. The HP SiteScope Configuration is retrieved as file containing Java serialization data. This Metasploit module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2 and Linux Centos 6.3.

tags | exploit, java, bypass
systems | linux, windows, centos
SHA-256 | 49a6293f49b3d88908408822f05f60de61f16258c0921f50adecb84a90811493
HP SiteScope SOAP Call LoadFileContent Remote File Access
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope to retrieve an arbitrary text file from the remote server. It is accomplished by calling the loadFileContent operation available through the APIMonitorImpl AXIS service. This Metasploit module has been successfully tested on HP SiteScope 11.20 over Windows 2003 SP2 and Linux Centos 6.3.

tags | exploit, remote, arbitrary, bypass
systems | linux, windows, centos
SHA-256 | 70fba2e746b60b36e7ed3d2efbabee053f81db339cfb2580347bd710629b238d
HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the FileDownloadServlet from the SOM component, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.2_E0401 with SOM 5.2 E0401 over Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-4826
SHA-256 | 1850a191353250b7a4f39ae00758d5a46a4b1b6e1c9ca0c3c46852217064aebe
HP SiteScope SOAP Call GetFileInternal Remote File Access
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope to retrieve an arbitrary file from the remote server. It is accomplished by calling the getFileInternal operation available through the APISiteScopeImpl AXIS service. This Metasploit module has been successfully tested on HP SiteScope 11.20 over Windows 2003 SP2 and Linux Centos 6.3.

tags | exploit, remote, arbitrary, bypass
systems | linux, windows, centos
SHA-256 | ac2a6c8b7ee1032f4592faca207812805ca78af0323e9f167ee599f82c2b95f3
HP Intelligent Management BIMS DownloadServlet Directory Traversal
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the DownloadServlet from the BIMS component, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 with BIMS 5.1 E0201 over Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-4823
SHA-256 | dd399cbd46c56431b6335bb7af600f7a8b07fbe5b5343567170606df7df666bb
HP Intelligent Management IctDownloadServlet Directory Traversal
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the IctDownloadServlet, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2012-5204
SHA-256 | 331f67245589f8f5486246bf8eb948bde7cf833ed0355ee50545787a79aaed4a
HP Data Protector 6.1 EXEC_CMD Command Execution
Posted Aug 31, 2024
Authored by Wireghoul, sinn3r, ch0ks, c4an | Site metasploit.com

This Metasploit module exploits HP Data Protectors omniinet process, specifically against a Windows setup. When an EXEC_CMD packet is sent, omniinet.exe will attempt to look for that user-supplied filename with kernel32!FindFirstFileW(). If the file is found, the process will then go ahead execute it with CreateProcess() under a new thread. If the filename isnt found, FindFirstFileW() will throw an error (0x03), and then bails early without triggering CreateProcess(). Because of these behaviors, if you try to supply an argument, FindFirstFileW() will look at that as part of the filename, and then bail. Please note that when you specify the CMD option, the base path begins under C:\.

tags | exploit
systems | windows
advisories | CVE-2011-0923
SHA-256 | d60f9ecfdd7e75b911a02d2e3e9f7e6e28eb00b4db11022e93bc1c7e16bb9722
HP ILO 4 1.00-2.50 Authentication Bypass Administrator Account Creation
Posted Aug 31, 2024
Site metasploit.com

This Metasploit module exploits an authentication bypass in HP iLO 4 1.00 to 2.50, triggered by a buffer overflow in the Connection HTTP header handling by the web server. Exploiting this vulnerability gives full access to the REST API, allowing arbitrary accounts creation.

tags | exploit, web, overflow, arbitrary
advisories | CVE-2017-12542
SHA-256 | 307468ecf285c6317f2e172728ad61a604fe9d31aa424fe525723ac69384bc9e
HP Intelligent Management SOM Account Creation
Posted Aug 31, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the AccountService RpcServiceServlet from the SOM component, in order to create a SOM account with Account Management permissions. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.2 E0401 and 5.1 E202 with SOM 5.2 E0401 and SOM 5.1 E0201 over Windows 2003 SP2.

tags | exploit
systems | windows
advisories | CVE-2013-4824
SHA-256 | f80f182bd3efcc931cc161e517ad609080f18fbbea524563033651e7394cda0f
HP ProCurve SNAC Domain Controller Credential Dumper
Posted Aug 31, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module will extract Domain Controller credentials from vulnerable installations of HP SNAC as distributed with HP ProCurve 4.00 and 3.20. The authentication bypass vulnerability has been used to exploit remote file uploads. This vulnerability can be used to gather important information handled by the vulnerable application, like plain text domain controller credentials. This Metasploit module has been tested successfully with HP SNAC included with ProCurve Manager 4.0.

tags | exploit, remote, bypass, file upload
SHA-256 | aed454bc14ce73f32076d32a64079806c8be0da490907a6f04fd8ad00e038838
HP Operations Manager Perfd Environment Scanner
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module will enumerate the process list of a remote machine by abusing HP Operation Managers unauthenticated perfd daemon.

tags | exploit, remote
SHA-256 | 48743288737e4fbe8b23b6415022b845900894d016893aeebdbd614a86291a45
Splunk edit_user Capability Privilege Escalation
Posted Oct 27, 2023
Authored by Heyder Andrade, RedWay Security, Santiago Lopez | Site metasploit.com

Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, which prevents this scenario from happening. This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving remote code execution.

tags | exploit, remote, web, code execution
advisories | CVE-2023-32707
SHA-256 | 7181dfaec2f1f7eb973d6e9ba2bc3a477b83011115b041d9cb0b9ad5e441fc41
HP Intelligent Management Java Deserialization Remote Code Execution
Posted Dec 4, 2018
Authored by mr_me, Carsten MaartmannMoe | Site metasploit.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.

tags | exploit, remote, arbitrary, tcp
advisories | CVE-2017-12557
SHA-256 | d80500f62044dc3f7dc37c282b30194790326326fe1303d664ec78ee54518ad4
HP Jetdirect Path Traversal Arbitrary Code Execution
Posted Aug 27, 2018
Authored by Jacob Baines | Site metasploit.com

This Metasploit module exploits a path traversal via Jetdirect to gain arbitrary code execution by writing a shell script that is loaded on startup to /etc/profile.d. Then, the printer is restarted using SNMP. A large amount of printers are impacted.

tags | exploit, arbitrary, shell, code execution
advisories | CVE-2017-2741
SHA-256 | 6d49ac5c1a048f446f5501a2e5655bb13c4c90e6dff4cd28f9778208c5d72b62
HP VAN SDN Controller Root Command Injection
Posted Jul 7, 2018
Authored by Matthew Bergin, wvu | Site metasploit.com

This Metasploit module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller versions 2.7.18.0503 and below to execute a payload as root. A root command injection was discovered in the uninstall action's name parameter, obviating the need to use sudo for privilege escalation. If the service token option TOKEN is blank, USERNAME and PASSWORD will be used for authentication. An additional login request will be sent.

tags | exploit, root
SHA-256 | eea257b390a3b287d462cce58af78297233c499f3594b67b9e26d2aa119c09e9
HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution
Posted Jan 10, 2018
Authored by Chris Lyne, sztivi | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007), however the database connection username is not sanitized resulting in command injection, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, tcp
systems | windows
advisories | CVE-2017-5817
SHA-256 | 6e617c9e2dc52b8e3176ccf763528cbf0564f66df4920f7c15aa5b7cd694b5ea
HPE iMC dbman RestartDB Unauthenticated Remote Command Execution
Posted Jan 10, 2018
Authored by Chris Lyne, sztivi | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008), however the instance ID is not sanitized, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, tcp
systems | windows
advisories | CVE-2017-5816
SHA-256 | 8593e2a11cac9b478374fc96e4123be69ffbd8aafe9adc13437d98414d73a636
HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution
Posted Dec 30, 2017
Authored by temp66, aushack | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in HP LoadRunner before 9.50 and also HP Performance Center before 9.50. HP LoadRunner 12.53 and other versions are also most likely vulnerable if the (non-default) SSL option is turned off. By sending a specially crafted packet, an attacker can execute commands remotely. The service is vulnerable provided the Secure Channel feature is disabled (default).

tags | exploit, remote
advisories | CVE-2010-1549
SHA-256 | 0bfa24b3a3de55a83f6e1af498795fa6d0ddf8b35ad4a3fdfc280bd24cc80dd2
HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions
Posted Dec 28, 2017
Authored by Glafkos Charalambous

HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure.

tags | exploit
SHA-256 | 171a6632cc48d498cc993433e0e5d051881555de1c0cff708aef0055cc0d4f1c
Rancher Server Docker Exploit
Posted Oct 8, 2017
Authored by Martin Pizala | Site metasploit.com

Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owed by root. This exploit abuses this to creates a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com. Use `check` with verbose mode to get a list of exploitable Rancher Hosts managed by the target system.

tags | exploit, root
SHA-256 | cedd93ec70ea235aa99b19084d79514a56ad7dd7b2451baa00221a0a6edf4952
Docker Daemon Unprotected TCP Socket
Posted Sep 8, 2017
Authored by Martin Pizala | Site metasploit.com

Utilizing Docker via unprotected tcp socket (2375/tcp, maybe 2376/tcp with tls but without tls-auth), an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. As the Docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owned by root. This exploit abuses this to creates a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com.

tags | exploit, root, tcp
SHA-256 | 5eef6332da7f2e3eafd6c25adcb58e15c04382cde4fdec2987c6b2d85ab64dfe
DC/OS Marathon UI Docker Privilege Escalation
Posted Jun 7, 2017
Authored by Erik Daguerre | Site metasploit.com

Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owed by root. This exploit abuses this to create a cron job in the '/etc/cron.d/' path of the host server. Note that the docker image must be a valid docker image from hub.docker.com. Further more the docker container will only deploy if there are resources available in the DC/OS cluster.

tags | exploit, root
SHA-256 | 10a3e28a45a0567b678d813b94116bfb80c6f6277258907fff79b23d661ddc57
HP Client Automation 7.9 Command Injection
Posted Oct 10, 2016
Authored by slidingwindow0xff

HP Client Automation remote command injection exploit that adds backdoor accounts and provides a reverse shell. Author tested on version 7.9 but believes it should also work on 8.1, 9.0, and 9.1.

tags | exploit, remote, shell
advisories | CVE-2015-1497
SHA-256 | 21071151f479044290767d7497c10787d8aae743a7b1d0070b60601cbca11962
Page 1 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close