Twenty Year Anniversary
Showing 101 - 125 of 2,626 RSS Feed

Shell Files

Easy File Sharing Web Server 7.2 Buffer Overflow
Posted Jul 16, 2017
Authored by N_A

Easy File Sharing Web Server version 7.2 SEH buffer overflow PassWD exploit that spawns a reverse shell.

tags | exploit, web, overflow, shell
MD5 | 0a226fb9ae5920b89126ab6486e607fb
Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution
Posted Jul 11, 2017
Authored by LiquidWorm | Site

Pelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.

tags | exploit, remote, arbitrary, shell, root, php, code execution
MD5 | f60def224c0da5db858f33bf6eef0e47
Barracuda WAF V360 Firmware Early Boot Root Shell
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site

Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware version is affected.

tags | exploit, web, shell, root
MD5 | f6f41f262997fb113e39f15d6d42c39c
Rootkit Hunter 1.4.4
Posted Jun 30, 2017
Authored by Michael Boelen | Site

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Changes: Added the GLOBSTAR configuration file option. This will set the shells globstar option to allow recursive checks of directories. By default this option is disabled. Added a Japanese translation file. Added support for the 'BSDng' package manager option. This can be used by those BSD systems which have the 'pkg' command available (currently later FreeBSD systems). Various other improvements and bug fixes made.
tags | tool, shell, perl, integrity, rootkit
systems | netbsd, unix, solaris
MD5 | c625bcb5e226d1f2a7a3a530b7e4fbd9
Linux/x86 Bind Shell Shellcode
Posted Jun 26, 2017
Authored by wetw0rk

75 bytes small Linux/x86 shellcode that binds a shell to port 4444. Contains no NULLs.

tags | shell, x86, shellcode
systems | linux
MD5 | 501256220065b8b18c393c129a24f35f
Invision Power Board XSS / CSRF / File Upload / Disclosure
Posted Jun 14, 2017
Authored by Project Insecurity, CDL, dkb | Site

Invision Power Board version suffers from reflective and stored cross site scripting, cross site request forgery, information disclosure, file upload, and shell access vulnerabilities.

tags | exploit, shell, vulnerability, xss, info disclosure, file upload, csrf
MD5 | a22518e9d6c3e73504202b0d32770349
MyBB 1.8.12 Stored XSS / File Enumeration
Posted Jun 13, 2017
Authored by Project Insecurity, MLT | Site

MyBB versions 1.8.12 and prior is vulnerable to a cross site scripting bug which can allow a moderator to take over an administrator's account and upload a webshell, or perform file enumeration in the instances where it is not possible to spawn a shell.

tags | exploit, shell, xss
MD5 | 002a68cf2fe01ab017ee3d244b021e6b
WPForce 1.0.0
Posted Jun 12, 2017
Authored by n00py | Site

WPForce is a suite of Wordpress Attack tools. Currently this contains 2 scripts - WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules.

tags | tool, shell, scanner
systems | unix
MD5 | 1cbb5b143c74242defcaf578c5b9a98e
Windows UAC Protection Bypass (Via FodHelper Registry Key)
Posted Jun 7, 2017
Authored by amaloteaux, winscriptingblog | Site

This Metasploit module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

tags | exploit, shell, registry
systems | windows
MD5 | b20812c1abf3d3375be101013cd12af0
ModX CMS Proof Of Concept Shell Upload
Posted May 31, 2017
Authored by Cody Sixteen

This proof of concept code shows how manager functionality can be abused in ModX CMS to upload a shell.

tags | exploit, shell, proof of concept
MD5 | 4a9e82ae99c6a9dbf9554d110145a1a4
Joomla 3.x Proof Of Concept Shell Upload
Posted May 28, 2017
Authored by Cody Sixteen

This proof of concept code shows how administrator functionality can be abused in Joomla to upload a shell.

tags | exploit, shell, proof of concept, file upload
MD5 | 5342f1f41088abee2af959b87cbce235
DokuWiki Proof Of Concept Shell Upload
Posted May 28, 2017
Authored by Cody Sixteen

This proof of concept code shows how administrative functionality can be abused in DokuWiki to upload a shell.

tags | exploit, shell, proof of concept
MD5 | 729d40f68a98bc4c5c3dc2afec215396
Concrete5 Proof Of Concept Shell Upload
Posted May 28, 2017
Authored by Cody Sixteen

This proof of concept code shows how functionality can be abused in Concrete5 to upload a shell.

tags | exploit, shell, proof of concept
MD5 | 9745e0705ed0168941e97981a8f2ab5b
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
Posted May 17, 2017
Authored by Sean Dillon, Shadow Brokers, Dylan Davis, Equation Group | Site

This Metasploit module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is subtracted into a WORD. The kernel pool is groomed so that overflow is well laid-out to overwrite an SMBv1 buffer. Actual RIP hijack is later completed in srvnet!SrvNetWskReceiveComplete. This exploit, like the original may not trigger 100% of the time, and should be run continuously until triggered. It seems like the pool will get hot streaks and need a cool down period before the shells rain in again.

tags | exploit, overflow, shell, kernel
advisories | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
MD5 | aa3f38db6f272747aa8f84141f87e6e4
Ubuntu Security Notice USN-3287-1
Posted May 15, 2017
Authored by Ubuntu | Site

Ubuntu Security Notice 3287-1 - Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.

tags | advisory, remote, shell
systems | linux, ubuntu
advisories | CVE-2017-8386
MD5 | 0110cf09f15d41eb58c3c144079994c7
Debian Security Advisory 3848-1
Posted May 10, 2017
Authored by Debian | Site

Debian Linux Security Advisory 3848-1 - Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".

tags | advisory, shell
systems | linux, debian
advisories | CVE-2017-8386
MD5 | e60c0d507349db5ea9c6655ff7195174
Linux/x86-64 Reverse Shell Shellcode
Posted May 8, 2017
Authored by Srakai

113 bytes small Linux/x86-64 reverse shell shellcode for IPv6.

tags | shell, x86, shellcode
systems | linux
MD5 | ac5201873bbc6a9ce91386d7e9e153d6
Easy File Uploader Remote Shell Upload
Posted Apr 27, 2017
Authored by Daniel Godoy

Easy File Uploader suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 8ac3610167d2a6610763fae78f9e7f29
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site

The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file system into the editor. An attacker can abuse this to read arbitrary files within the allowed permissions.

tags | exploit, arbitrary, shell, local
MD5 | f78a6aa709d515f34ff4063017a41667
Solarwinds LEM 6.3.1 Shell Escape Command Injection
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site

Insufficient input validation in the management interface can be leveraged in order to execute arbitrary commands. This can lead to (root) shell access to the underlying operating system on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit, arbitrary, shell, root
MD5 | c05724ef34080811a5c98ed6a6d254cf
October CMS 1.0.412 Code Execution / Shell Upload
Posted Apr 20, 2017
Authored by Anti Rais

October CMS version 1.0.412 suffers from access bypass, cross site scripting, code execution, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, xss
MD5 | e702737b1f0f3d12d56ab625156a9afc
Huawei HG532n Command Injection
Posted Apr 17, 2017
Authored by Ahmed S. Darwish | Site

This Metasploit module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used here to expose the router's telnet port to the outside world through NAT port-forwarding. With telnet now remotely accessible, the router's limited "ATP command line tool" (served over telnet) can be upgraded to a root shell through an injection into the ATP's hidden "ping" command.

tags | exploit, web, shell, root
MD5 | 5846ef508d85837a4608f1c94c201d64
Magento 2.1.6 Shell Upload / Cross Site Request Forgery
Posted Apr 13, 2017
Authored by DefenseCode, Bosko Stankovic

Magento versions 2.1.6 and below suffers from cross site request forgery and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, csrf
MD5 | 7eac7c985713b9e6f32be4da1b6565bb
SolarWind LEM Default SSH Password Remote Code Execution
Posted Apr 4, 2017
Authored by Mehmet Ince | Site

This Metasploit module exploits the default credentials of SolarWind LEM. A menu system is encountered when the SSH service is accessed with the default username and password which is "cmc" and "password". By exploiting a vulnerability that exist on the menuing script, an attacker can escape from restricted shell. This Metasploit module was tested against SolarWinds LEM v6.3.1.

tags | exploit, shell
MD5 | b551077e34268bd111ec9232032426a6
Pixie 1.0.4 Shell Upload
Posted Apr 2, 2017
Authored by rungga_reksya, dvnrcy, dickysofficial

Pixie version 1.0.4 suffers from a remote shell upload vulnerability

tags | exploit, remote, shell
advisories | CVE-2017-7402
MD5 | 1f0acf66c9b658bf16eec854d80970ba
Page 5 of 105

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By