exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

WordPress Ajax Load More PHP Upload
Posted Nov 9, 2015
Authored by temp66 | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows you to upload arbitrary php files and get remote code execution. This Metasploit module has been tested successfully on WordPress Ajax Load More 2.8.0 with WordPress 4.1.3 on Ubuntu 12.04/14.04 Server.

tags | exploit, remote, arbitrary, php, code execution, file upload
systems | linux, ubuntu
SHA-256 | 11f7539e7ef47eff9d74ba4f4c35c661e3f3e8bfd87cbe2130c13dbb4e6eb011

Related Files

Ubuntu Security Notice USN-1539-1
Posted Aug 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1539-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | 5f1ac3455cca303b5f6aca689847449cc9dd5b0bb1082518a0a561ff16855b85
Entropy Broker RNG 1.0.1
Posted Aug 14, 2012
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

Changes: This is an important bugfix release. This version replaces the ivec initializer code with something more sensible.
tags | encryption
systems | linux
SHA-256 | e505291a3ada9f1ba3928113fa70f9f79bfc771b2fe8e20560d612d5c64beb5b
ClubHACK Magazine Issue 31
Posted Aug 14, 2012
Authored by clubhack | Site chmag.in

ClubHACK Magazine Issue 31 - Topics covered include Tamper Data, Apple iOS vulnerabilities, Matriux Ec-Centric, and more.

tags | vulnerability
systems | cisco, apple
SHA-256 | a1ee74c3589ae4bf58768c3363b5b7224529e8dbca7f075937c393a8feb9f204
Ubuntu Security Notice USN-1533-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1533-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | 5082c7fb8f2daf682cfc7378525c60b86fbdff934daf85b48b38b2fb8e3e9935
Ubuntu Security Notice USN-1532-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1532-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | d3bc5635bb481cc6a0e193e3e7c9e9b74aef3286e675b23aa6d47538518c4356
Entropy Broker RNG 1.0
Posted Aug 7, 2012
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

Changes: EGD client now fully implements the EGD protocol. A network protocol fix was implemented.
tags | encryption
systems | linux
SHA-256 | 76ca25d4f7c84938b67595662b7b2a2ccc1f026c5fd38878da67d399c829206c
Entropy Broker RNG 0.9
Posted Jul 26, 2012
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

Changes: video4linux server is now compatible with video4linux2. It will now dump and restore the pool-contents.
tags | tool, encryption
systems | linux
SHA-256 | 1256b9eabb591bfe6735cfcd5b31fafece6cca0028f6df1894bd805070ba6d45
Fwknop Port Knocking Utility 2.0.1
Posted Jul 24, 2012
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Various bug fixes including several minor memory leaks. Added parsing of valgrind output to produce a listing of functions that have been flagged. Various other tweaks.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | bfb10445f74a3bad526d0bc5d4bdd023e4c36c32ecbaf3e20091f91bbf16c5c1
ClubHACK Magazine Issue 30
Posted Jul 19, 2012
Authored by clubhack | Site chmag.in

ClubHACK Magazine Issue 30 - Topics covered include PHP shells, OWASP DirBuster, Punishment for Violation of Privacy, and more.

tags | shell, php, magazine
SHA-256 | 0b604f5227e59abfbe5016031eedd6039ef777b68799f96352a0a261d1f48f50
metaSSH Session Plugin For Metasploit 0.1
Posted Jul 17, 2012
Authored by dirtyfilthy | Site github.com

metaSSH is a session plugin for Metasploit that gives you a meterpreter-like interface over an ssh connection. The author original wrote this code so they could cleanly reverse pivot over ssh from within metasploit. Features include multi-channel, pivoting, post-exploitation module use, and more.

tags | tool
systems | linux, unix
SHA-256 | cb2904017bd8381379f534d13af9da18283b5ba0d4dca0d7ece74f329056ef4e
Flemish Television Cross Site Scripting
Posted Jul 16, 2012
Authored by Yvan Janssens

The site at http://eenmiljardseconden.frankdeboosere.be/ had a cross site scripting issue and resolved it. What makes this noteworthy is that they took the high road and rickrolled any future attempts. More sites should add humor to their fixes.

tags | advisory, web, xss
SHA-256 | fab0483fa163dbeb5095052167d50d9d23809032c0545626a35845f4b78fa07e
MultiObfuscator 2.00
Posted Jul 13, 2012
Authored by Cosimo Oliboni | Site embeddedsw.net

MultiObfuscator is a professional cryptography tool that offers double encryption, csprng based scrambling, csprng based whitening, and more. Documentation provided.

Changes: Various updates.
tags | tool, encryption
SHA-256 | f7fb28d42040f25c6a5ec261633f0c897d3b6c465fb6c7f5b13676b342117f5c
OpenPuff 4.00
Posted Jul 13, 2012
Authored by Cosimo Oliboni | Site embeddedsw.net

OpenPuff is a professional military-strength steganography tool that supports 16 algorithms, has a strong random number generator, supports many carrier formats, and more.

Changes: Various updates.
tags | tool, encryption, steganography
SHA-256 | 2f80a5742d36ad596c1b2de51eae10ec6f370c8b5a34e6ef6640dbc5ee087a83
Cryptfuscate Bundle 1.1
Posted Jul 8, 2012
Authored by Brandon Miller | Site 0daysclosure.com

Cryptfuscate Bundle provides a better, more secure, solution for obfuscating Perl code. Cryptfuscate Bundle consists of two main scripts, cryptfuscate.pl and executer.pl. cryptfuscate.pl creates an encrypted version of Perl module embedded text files using Blowfish AES encryption and encodes the module in base 64. executer.pl then can be packaged with the encrypted module and placed on a target's box. executer.pl can then be launched and given the correct encryption key and salt will decrypt the module, handle the module as a string, and execute the module using Perl's eval() function. This method of execution provides you with a safe and secure way to execute Perl code while keeping local users from being able to analyze the source code of your module. Cryptfuscate Bundle comes with a module to experiment with, a bind shell on port 62221.

tags | tool, shell, local, perl, encryption
systems | unix
SHA-256 | 1e5fa99ad3c862fb14e7fcf215948fd8267a9170c688498ba501be414b46b883
Hydra Network Logon Cracker 7.3
Posted Jul 5, 2012
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple enhancements and fixed to Hydra main, the SNMP module, the HTTP module, and more. Added IDN and PCRE support for Cygwin.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | 14805ba70f3f22beb00344db161a1a84d61059655f2be37dd02a5c5cceae306d
HP Data Protector Create New Folder Buffer Overflow
Posted Jul 2, 2012
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Data Protector 5. The overflow occurs in the creation of new folders, where the name of the folder is handled in a insecure way by the dpwindtb.dll component. While the overflow occurs in the stack, the folder name is split in fragments in this insecure copy. Because of this, this module uses egg hunting to search a non corrupted copy of the payload in the heap. On the other hand the overflowed buffer is stored in a frame protected by stack cookies, because of this SEH handler overwrite is used. Any user of HP Data Protector Express is able to create new folders and trigger the vulnerability. Moreover, in the default installation the 'Admin' user has an empty password. Successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.

tags | exploit, overflow, code execution
advisories | CVE-2012-0124, OSVDB-80105
SHA-256 | 962411e193e7b384adfe805773b642d125d223dcbeecdc498ef53de2cbc5c202
Apple QuickTime TeXML Stack Buffer Overflow
Posted Jun 29, 2012
Authored by sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. The flaw is generally known as a bug while processing the 'transform' attribute, however, that attack vector seems to only cause a TerminateProcess call due to a corrupt stack cookie, and more data will only trigger a warning about the malformed XML file. This Metasploit module exploits the 'color' value instead, which accomplishes the same thing.

tags | exploit, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0663, OSVDB-81934
SHA-256 | c3e73b5fb622e5d0d8dee9cca23a811ec375673bedd92228a5733bc9287c407b
OpenSSH 6.0p1 Full Backdoor Patch
Posted Jun 28, 2012
Authored by Bob | Site dtors.net

This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, usernames and passwords both in and out are logged, and more.

tags | patch
systems | unix
SHA-256 | 91e6a90b3c87b8f7d0724216a9917a20867daf81819abb0ea42429d1ebd62e36
Red Hat Security Advisory 2012-1037-01
Posted Jun 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1037-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2143, CVE-2012-2655
SHA-256 | 43dd84d900e99c3f1b88175c8d6cb0d767071c6eb772b1ec31adf8ed1f003585
Red Hat Security Advisory 2012-1036-01
Posted Jun 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1036-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2143
SHA-256 | 91db521987a8f25ecabb7834e60cc56577345d64eb97ff886fb0176153721100
ClubHACK Magazine Issue 29
Posted Jun 21, 2012
Authored by clubhack | Site chmag.in

ClubHACK Magazine Issue 29 - Topics covered include game server dos attacks, scapy, preventing cross site scripting, and more.

tags | xss, magazine
SHA-256 | 902f281d48f8415f78d996798bd36aab1d7c6fb603cd4da731434c4e206e043b
Red Hat Security Advisory 2012-0880-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0880-04 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A flaw was found in the way Qt handled X.509 certificates with IP address wildcards. An attacker able to obtain a certificate with a Common Name containing an IP wildcard could possibly use this flaw to impersonate an SSL server to client applications that are using Qt. This update also introduces more strict handling for hostname wildcard certificates by disallowing the wildcard character to match more than one hostname component.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2010-5076, CVE-2011-3922
SHA-256 | 88fdefaee5d521cf6eb6d97528778445e48f16725d34e7207c5a2cb76e6cb77b
Bluelog Bluetooth Scanner/Logger 1.0.4
Posted Jun 20, 2012
Authored by Tom Nardi | Site digifail.com

Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.

Changes: This large update features many internal improvements and a completely new Bluelog Live CGI module. Performance on OpenWRT and the Pwnie Express Pwn Plug was improved.
tags | tool, web, wireless
systems | unix
SHA-256 | e53fd2776af93ae71e5b5689f73a3780e892b2167d39240548d98d219eb2a863
PDFResurrect PDF Analyzer 0.11
Posted May 31, 2012
Authored by enferex | Site 757labs.com

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.

Changes: This is a bugfix release.
tags | tool, forensics
systems | unix
SHA-256 | d13f69404e05f1bc9e2a12eaf81d255fbddf0f38495814da6eb3bdc6b731de4a
Browser Navigation Download Trick
Posted May 31, 2012
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs. Perhaps more interestingly, you can also navigate third-party documents to resources served with Content-Disposition: attachment, in which case, you get the original contents of the address bar, plus a rogue download prompt attached to an unsuspecting page that never wanted you to download that file. Proof of concept code included.

tags | exploit, web, arbitrary, proof of concept
systems | windows
SHA-256 | c8e117983282dd44d231f39a10dc8b0b2bf8c46c42490f1cf78aeb4b75db6be8
Page 1 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close