what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files

msadc-trojan.pl
Posted Jan 10, 2000
Authored by r00tabega, Bansh33 | Site r00tabega.com

This script will upload a trojan to an RDS vulnerable site running NT and execute the trojan.

tags | exploit, trojan
SHA-256 | 103493a4c6051cab304f220b22274a4ca432f01306d62d03af4825d7c7bf7105

Related Files

Revenue Collection System 1.0 SQL Injection / Remote Code Execution
Posted Nov 16, 2022
Authored by Joe Pollock

Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicious PHP file to disk, issue a user-defined command, then retrieve the result of that command.

tags | exploit, remote, php, sql injection
SHA-256 | b41c4f6c71ea1156cfd52b2bd3c354cdb2fc0372d5b22d463c64b50c55b777c0
Gatekeeper Bypass Proof Of Concept
Posted Oct 4, 2021
Authored by Rasmus Sten | Site labs.f-secure.com

This script will create a zip file exploiting CVE-2021-1810 by creating a directory hierarchy deep enough for Archive Utility to fail setting quarantine attributes on certain files while also making some path names long enough to prevent Safari automating unzipping from unpacking the archive. Finally, the script will create a symbolic link at the top level, making the zip file appear like a normal app bundle zip file.

tags | exploit, bypass
advisories | CVE-2021-1810
SHA-256 | 27f01873128025928ef40392c54869c04de239ae765903eac4c672f993c9065b
Oracle WebLogic Server Java Deserialization Remote Code Execution
Posted Sep 29, 2017
Authored by SlidingWindow, FoxGloveSecurity

This exploit tests the target Oracle WebLogic Server for Java Deserialization remote code execution vulnerability. The ysoserial payload causes the target to send Ping requests to the attacking machine. You can monitor ICMP ECHO requests on your attacking machine using TCPDump to know if the exploit was successful. Feel free to modify the payload (chunk2) with that of your choice. Do not worry about modifying the payload length each time you change the payload as this script will do it for you on the fly. Versions affected include 10.3.6.0, 12.1.2.0, 12.1.3.0 and 12.2.1.0.

tags | exploit, java, remote, code execution
advisories | CVE-2015-4852
SHA-256 | ac556f1550022f3147ba71eb384d81217f8f01394258077e4047ca66a5f06464
MF Sniffer TN3270 Password Grabber
Posted Mar 14, 2013
Authored by Soldier of Fortran

MF Sniffer is a python script for capturing unencrypted TSO login credentials. It requires Scapy. Given an interface, IP and port this script will try to sniff mainframe user IDs and passwords sent over cleartext using TN3270 (tested against x3270, TN3270Plux and TN3270X). This script does not work if the mainframe is using SSL encryption.

tags | tool, sniffer, python
SHA-256 | 2f8ddc0ba0bec2aac0376b8862e3276847ef5e50cf7cb4cd1696b477d19a726d
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
SHA-256 | 382234f494b3e6be1ceaa9dc39e8b06bf8faad703997a8f0eec9259b5d187113
Msadcs.exe
Posted Aug 31, 2000
Authored by Neon-Lenz | Site TheGovernment.com

MSADCS.DLL Checker is a program for Windows 9x that checks a web server for MSADCS.DLL and the location of the public directory. When the msadc2.pl RDS exploit is located in the same directory as MSADCS.DLL Checker, it will attempt to run the exploit on the target webserver.

tags | web
systems | windows
SHA-256 | 547854dac0db09e8be775f2c9e2f26e8ad988ba699ab79ab48947751047992a7
frontpage.pl
Posted Mar 29, 2000
Authored by r00tabega, Bansh33 | Site r00tabega.com

Everybody knows about the _vti_pvt password files, but what about those misconfigured Frontpage servers that allow remote login and authoring without a login and password? This script will check for both vulnerabilties.

tags | tool, remote, scanner
systems | unix
SHA-256 | 9040980cfe8b96a201e33ee28fbdd4f0ee1d4f87da6b7f725166cb677e745d00
printtool.sh
Posted Mar 20, 2000
Authored by Phonic | Site hack.co.za

printtool is an X11 printer configuration tool shipped with RedHat Linux and possibly other linux distributions. When configuring a printer with printtool, the permissions of the config file are set world-readable. When this happens, this script will kick in and give you the password.

tags | exploit
systems | linux, redhat
SHA-256 | 7595d758939654cb1d717d248da15ef5cdd8257cceeab9d8435768872eebf6a1
msadcscan-unix.c
Posted Dec 13, 1999
Authored by synnergy, elux | Site synnergy.net

Synnergy Networks msadc scanner - This is just a basic string scanner that happens to scan for the msadc module string.

SHA-256 | 43eb2a907f3b1f2f09d00bfb5c51fe0347776efd1e8c47248536521263f254a9
msadc2.pl
Posted Nov 2, 1999
Authored by rain forest puppy

MSADC/RDS exploit script version 2.

Changes: added UNC support.
tags | exploit
SHA-256 | a24edf16f5e5055b6474324b0bffe2534dbf1db3fd73eb604a0b5591fb1a750d
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close