exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Log4j Remote Code Execution Word Bypassing
Posted Dec 15, 2021
Authored by Puliczek | Site github.com

Log4j remote code execution exploit with a trick to bypass words blocking patches. Works on Log4j versions 2.14.1 and below.

tags | exploit, java, remote, code execution
advisories | CVE-2021-44228
SHA-256 | de7380eb6b3fc4c49f27978b8a6c7f1adef40597e054a9798db4c61a23e7311f

Related Files

Linux OverlayFS Local Privilege Escalation
Posted Sep 27, 2024
Authored by Takahiro Yokoyama, xkaneiki, sxlmnwb | Site metasploit.com

This Metasploit module exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2023-0386
SHA-256 | 6c56ce8217d90e114635700a314b8fcfb2c5a11cfda46c96a6c0e2d713c433bb
Log4Shell HTTP Scanner
Posted Sep 1, 2024
Authored by Spencer McIntyre, RageLtMan | Site metasploit.com

Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This Metasploit module will scan an HTTP end point for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This Metasploit module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. These points include HTTP headers and the HTTP request path. Known impacted software includes Apache Struts 2, VMWare VCenter, Apache James, Apache Solr, Apache Druid, Apache JSPWiki, Apache OFBiz.

tags | exploit, web
advisories | CVE-2021-44228, CVE-2021-45046
SHA-256 | 0c99025a240dc811b182feb7d9c9d3253b1e32fb38ca51be4415745de5402484
CVE-2019-0708 BlueKeep Microsoft Remote Desktop Remote Code Execution Check
Posted Aug 31, 2024
Authored by Tom Sellers, zerosum0x0, JaGoTu, National Cyber Security Centre | Site metasploit.com

This Metasploit module checks a range of hosts for the CVE-2019-0708 vulnerability by binding the MS_T120 channel outside of its normal slot and sending non-DoS packets which respond differently on patched and vulnerable hosts. It can optionally trigger the DoS vulnerability.

tags | exploit, denial of service
advisories | CVE-2019-0708
SHA-256 | 6a4a44bfa015ee1e424da3c229e217a013236f2eec5a985ec1f2d2bbef888f5f
CVE-2023-21554 QueueJumper - MSMQ Remote Code Execution Check
Posted Aug 31, 2024
Authored by Haifei Li, Wayne Low, Bastian Kanbach | Site metasploit.com

This Metasploit module checks the provided hosts for the CVE-2023-21554 vulnerability by sending a MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the integer wraps around and depending on the length could cause an out-of-bounds write. In the context of this module a response is sent back, which indicates that the system is vulnerable.

tags | exploit, overflow
advisories | CVE-2023-21554
SHA-256 | a0cddadb1a675fdce4af377d71ed784a8906286c13da03dac1d38aa7dce5ef6b
SAP Solution Manager Remote Unauthorized OS Commands Execution
Posted Aug 31, 2024
Authored by Dmitry Chastuhin, Pablo Artuso, Vladimir Ivanov, Yvan Genuer | Site metasploit.com

This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem) of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, send HTTP request (SSRF), and execute OS commands on connected SMDAgent. Works stable in connected SMDAgent with Java version 1.8. Successful exploitation of the vulnerability enables unauthenticated remote attackers to achieve SSRF and execute OS commands from the agent connected to SolMan as a user from which the SMDAgent service starts, usually the daaadm.

tags | exploit, java, remote, web
advisories | CVE-2020-6207
SHA-256 | d3cd670695bc394e4f3ed861de2d7c717dac789ada16fbb0c7c9e1612d66ab86
SAP Unauthenticated WebService User Creation
Posted Aug 31, 2024
Authored by Spencer McIntyre, Dmitry Chastuhin, Pablo Artuso | Site metasploit.com

This Metasploit module leverages an unauthenticated web service to submit a job which will create a user with a specified role. The job involves running a wizard. After the necessary action is taken, the job is canceled to avoid unnecessary system changes.

tags | exploit, web
advisories | CVE-2020-6287
SHA-256 | 9d4da8f09f54ec6089b8460657fec4b370a7fd9f0d3af4a870972933d253c5aa
Active Directory Certificate Services (ADCS) Privilege Escalation (Certifried)
Posted Aug 31, 2024
Authored by Christophe de la Fuente, Erik Wynter, Oliver Lyak, CravateRouge | Site metasploit.com

This Metasploit module exploits a privilege escalation vulnerability in Active Directory Certificate Services (ADCS) to generate a valid certificate impersonating the Domain Controller (DC) computer account. This certificate is then used to authenticate to the target as the DC account using PKINIT preauthentication mechanism. The module will get and cache the Ticket-Granting-Ticket (TGT) for this account along with its NTLM hash. Finally, it requests a TGS impersonating a privileged user (Administrator by default). This TGS can then be used by other modules or external tools.

tags | exploit
advisories | CVE-2022-26923
SHA-256 | 4711426ef94613fcb75202051eeb6967ed730af89bad38174d480f454b5faee3
Netlogon Weak Cryptographic Authentication
Posted Aug 31, 2024
Authored by Spencer McIntyre, Tom Tervoort, Dirk-jan Mollema | Site metasploit.com

A vulnerability exists within the Netlogon authentication process where the security properties granted by AES are lost due to an implementation flaw related to the use of a static initialization vector (IV). An attacker can leverage this flaw to target an Active Directory Domain Controller and make repeated authentication attempts using NULL data fields which will succeed every 1 in 256 tries (~0.4%). This Metasploit module leverages the vulnerability to reset the machine account password to an empty string, which will then allow the attacker to authenticate as the machine account. After exploitation, its important to restore this password to its original value. Failure to do so can result in service instability.

tags | exploit
advisories | CVE-2020-1472
SHA-256 | 2e8cb0b33fee94cb76487f48c8612ae293bf93023140f19faf6766dfb2245f0e
Apache Tapestry HMAC secret key leak
Posted Aug 31, 2024
Authored by Johannes Moritz, Yann Castel | Site metasploit.com

This exploit finds the HMAC secret key used in Java serialization by Apache Tapestry. This key is located in the file AppModule.class by default and looks like the standard representation of UUID in hex digits (hd) : 6hd-4hd-4hd-4hd-12hd If the HMAC key has been changed to look differently, this module wont find the key because it tries to download the file and then uses a specific regex to find the key.

tags | exploit, java
advisories | CVE-2021-27850
SHA-256 | b1c7d62902e4bda90669843700bef91f0006f013f404b5ebf2f2d9ae7a80eaf5
Apache log4j2 Code Execution
Posted Aug 8, 2024
Authored by ashdoeshax | Site github.com

Log4j 2.15.0 was released to address the widely reported JNDI Remote Code Execution (RCE) (CVE-2021-44228) vulnerability in Log4j. Shortly thereafter, 2.16.0 was released to address a Denial of Service (DoS) vulnerability (CVE-2021-45046). When examining the 2.15.0 release, Google security engineers found several issues with the Log4j 2.15.0 patch that showed that the severity of the issue addressed in 2.16 was in fact worse than initially understood. This is Google's proof of concept exploit.

tags | exploit, remote, denial of service, code execution, proof of concept
advisories | CVE-2021-45046
SHA-256 | c42c53b6fbd06585bd6895ecad8dddaa20237bb0cbb68646781ab1bf7e1461f2
Gentoo Linux Security Advisory 202402-16
Posted Feb 19, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-16 - Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution. Versions less than or equal to 1.2.17 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2019-17571, CVE-2020-9488, CVE-2020-9493, CVE-2022-23302, CVE-2022-23305
SHA-256 | 79e0825715a2197c39850bba10de0d238187f4c93dcdf24c6b31b702cdb3131e
Gentoo Linux Security Advisory 202312-04
Posted Dec 22, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-4 - A vulnerability has been found in Arduino which bundled a vulnerable version of log4j. Versions greater than or equal to 1.8.19 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2021-4104
SHA-256 | e4428c05137adffbade83bd759fdfe5d40fde795984ac72eea694343c5ca0031
Gentoo Linux Security Advisory 202310-16
Posted Oct 26, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-16 - A vulnerability has been discovered in unifi where bundled log4j can facilitate a remote code execution Versions greater than or equal to 6.5.55 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-4104, CVE-2021-45046
SHA-256 | 5602a819c766f09b96f00fbf929733dc41ef5cd1fb0f160a5790513002ec5cc2
Chrome Renderer Type Confusion / Remote Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept remote code execution exploit that demonstrates a vulnerability in the Chrome renderer sandbox by simply visiting a malicious website.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2022-1134
SHA-256 | 0bef9994895034465485b3ccc1c259c22c1bde140f7e3d288d935477095db1e7
Qualcomm Adreno GPU Information Leak
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for an information leak vulnerability in the Qualcomm Adreno GPU. The bug can be used to leak information in other user apps, as well as in the kernel from an untrusted app. The directory adreno_user contains a proof-of-concept for leaking memory from other applications. It will repeatedly trigger the bug and read the stale information contained in memory pages.

tags | exploit, kernel, proof of concept
advisories | CVE-2022-25664
SHA-256 | 14a7bc813fbfd5b0814582d935ba39c5649faf3bc3609e054c88db47e4159c41
Android Arm Mali GPU Arbitrary Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for Android on Arm Mali GPU with a kernel driver bug that can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 with the November 2022 and January 2023 patch.

tags | exploit, arbitrary, kernel, root, code execution, proof of concept
advisories | CVE-2022-46395
SHA-256 | 1c81e6cc4abcfe0ecb1417d1ee980963d887a2109472ab157bbd2c2fa62921ef
Android Arm Mali GPU Arbitrary Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for the Arm Mali GPU that can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6. The original exploit that was sent to Google is included as hello-jni.c as a reference and was tested on the July 2022 patch of the Pixel 6. Due to the fact that Pixel 6 cannot be downgraded from Android 13 to Android 12, an updated version of the exploit, mali_shrinker_mmap.c is included, which supports various firmware in Android 13, including the December patch, which is the latest affected version.

tags | exploit, arbitrary, kernel, root, code execution, proof of concept
advisories | CVE-2022-38181
SHA-256 | bc50f9e9f9fe69b36613124dc79ca07e6c6523713f3c1192a6204b4ec7783f2c
Android Arm Mali GPU Arbitrary Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for a memory corruption vulnerability in the Arm Mali GPU kernel driver that was reported in January of 2022. The bug can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 and supports patch levels from November 2021 to February 2022. It is easy to add support for other firmware by changing a few image offsets.

tags | exploit, arbitrary, kernel, root, code execution, proof of concept
advisories | CVE-2022-20186
SHA-256 | 66eea2398301c881c76dc1359392bb4e7585bacb1998c8e4de619ba964588857
Ubuntu Security Notice USN-5998-1
Posted Apr 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5998-1 - It was discovered that the SocketServer component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that the JMSSink component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-17571, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 0e9670eb797b9ec131a46bb75f321c8da3450087baa95b89a755d534ca79e9f4
Lenovo Diagnostics Driver Memory Access
Posted Feb 3, 2023
Authored by jheysel-r7, alfarom256 | Site metasploit.com

This Metasploit module demonstrates how an incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes.

tags | exploit, arbitrary
advisories | CVE-2022-3699
SHA-256 | 4d81e8f2ae72805082f511a1afa0427bff321c86d10fa56019672dac926e51f8
io_uring Same Type Object Reuse Privilege Escalation
Posted Feb 1, 2023
Authored by h00die, Mathias Krause, Ryota Shiga | Site metasploit.com

This Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The dangling cred pointer will, however, lead to a kernel panic as soon as the task terminates and its credentials are destroyed. We therefore detach from the controlling terminal, block all signals and rest in silence until the system shuts down and we get killed hard, just to cry in vain, seeing the kernel collapse. The bug affected kernels from v5.12-rc3 to v5.14-rc7. More than 1 CPU is required for exploitation. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.

tags | exploit, shell, kernel, root
systems | linux, ubuntu
advisories | CVE-2022-1043
SHA-256 | ddab5b3975fc82e2a23c5e4e05a57af4893abfbc613df02d507c1013c62dc088
Intel Data Center Manager 5.1 Local Privilege Escalation
Posted Dec 9, 2022
Authored by Julien Ahrens | Site rcesecurity.com

The latest version (5.1) and all prior versions of Intel's Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user "dcm" used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user (i.e., through Log4j) is then able to escalate their privileges to root by abusing a weak sudo configuration for the "dcm" user.

tags | exploit, remote, web, local, root, code execution
SHA-256 | 566ceaa70e7ce9a3bd9825a0b7a97b644b608fe05fd23b30746e3017a5408ae6
Red Hat Security Advisory 2022-5053-01
Posted Jun 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5053-01 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Issues addressed include a deserialization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-17571
SHA-256 | d6aae2486a87548e2da8656185a8bb2c62d41cf92abd190bf4dbc8bea522c0e8
Print Spooler Remote DLL Injection
Posted May 25, 2022
Authored by Christophe de la Fuente, Spencer McIntyre, Zhiniang Peng, cube0x0, Xuefeng Li, Zhang Yunhai, Piotr Madej, Zhipeng Huo | Site metasploit.com

The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running.

tags | exploit, remote, code execution
advisories | CVE-2021-1675, CVE-2021-34527
SHA-256 | 1720ad267b345d6b91409cdb01c0ab129fc9f485ac71c4c4a816698bd6351239
Watch Queue Out-Of-Bounds Write
Posted Apr 21, 2022
Authored by Jann Horn, bwatters-r7, bonfee | Site metasploit.com

This Metasploit module exploits a vulnerability in the Linux Kernel's watch_queue event notification system. It relies on a heap out-of-bounds write in kernel memory. The exploit may fail on the first attempt so multiple attempts may be needed. Note that the exploit can potentially cause a denial of service if multiple failed attempts occur, however this is unlikely.

tags | exploit, denial of service, kernel
systems | linux
advisories | CVE-2022-0995
SHA-256 | b59181d9b536ad31ebdc6b3f83985c65e49fbe3242468f7709e7bb7a2d4b1e5f
Page 1 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close