exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed


Microsoft Windows 10 User Sessions Stuck
Posted Oct 30, 2018
Authored by Fabien Dromas

This exploit modifies a windows language registry key which causes some windows binaries to stick, including login which makes the session unusable. The key is in HKCU and can be modified without admin rights, but with a bypass UAC, all user sessions can be paralyzed by using reg.exe and user's NTUSER.DAT.

tags | exploit, registry
systems | windows
SHA-256 | cebc8192e58860f9e56ac23e83917c52d657bce5533347a18906dba9296c9c96

Related Files

Baldr Botnet Panel Shell Upload
Posted Jul 29, 2020
Authored by Ege Balci | Site metasploit.com

This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1 victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from panel gate and registers a new victim to the panel with adding the selected payload inside the victim logs.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | eead6190f3debc909c6e03fa4150c29da6936794b738a1702f89596b906fc97f
WordPress 5.0.0 crop-image Shell Upload
Posted Apr 4, 2019
Authored by RIPSTECH Technology, Wilfried Becard | Site metasploit.com

This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.

tags | exploit, local, file inclusion
systems | unix
advisories | CVE-2019-8942, CVE-2019-8943
SHA-256 | bd1f2d0a7453946a4baa703e14878a8668792a590d2018556e1e736471a78c41
Metasploit Example Exploit
Posted Jul 15, 2017
Authored by skape | Site metasploit.com

This exploit module illustrates how a vulnerability could be exploited in an TCP server that has a parsing bug. This is an example Metasploit module to be used for exploit development.

tags | exploit, tcp
SHA-256 | 7080c0e0772da0f83c51df64e3f6e1cc4c7d74a7c1c2265e80261599694e52d2
Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
Posted Jan 13, 2012
Authored by Benjamin Tobias Franz, Stuart Pearson, Sam Sharps | Site metasploit.com

This bug is triggered when the browser handles a JavaScript 'onLoad' handler in conjunction with an improperly initialized 'window()' JavaScript function. This exploit results in a call to an address lower than the heap. The javascript prompt() places the shellcode near where the call operand points to. The module calls prompt() multiple times in separate iframes to place our return address. The module hides the prompts in a popup window behind the main window and then it will spray the heap a second time with the shellcode and point the return address to the heap. It then uses a fairly high address to make this exploit more reliable. IE will crash when the exploit completes. Also, please note that Internet Explorer must allow popups in order to continue exploitation.

tags | exploit, javascript, shellcode
advisories | CVE-2005-1790
SHA-256 | dfbe6b34adf9a6a1783c641f7329756e98c1bb69d235bba9e36f55dd9ec0f6b0
Mozilla Firefox Code Execution
Posted Oct 27, 2009
Authored by H D Moore, Aviv Raff | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit module is a direct port of Aviv Raff's HTML PoC.

tags | exploit, code execution
advisories | CVE-2005-2265
SHA-256 | b867c0785b780e6498eb0c3b8d27c20f4cec51a630404edc8bd0c545b8e1e652
Page 1 of 1

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    65 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    23 Files
  • 23
    May 23rd
    15 Files
  • 24
    May 24th
    49 Files
  • 25
    May 25th
    20 Files
  • 26
    May 26th
    13 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    11 Files
  • 30
    May 30th
    46 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By