Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 SP1 (x64).
12e3b974b7cb427087439bf5f922afb373bca8c3346525b183f6422b28801319
Red Hat Security Advisory 2020-1725-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a HTTP request smuggling vulnerability.
70440f69de06b5af489ae2f8c8489291f418f4e9f8e38d2401271421d54881f2
Red Hat Security Advisory 2020-1702-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.
8f2c142f2755284356d752a2a9083db5906f1c101b0473922a4651d6c653e11b
Debian Linux Security Advisory 4649-1 - Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential arbitrary code execution.
80baf89b62669c231d6573be3cd65d0c449865262825b3da687c69972b88fa1f
80 bytes small Linux/x86 reverse shell generator shellcode with customizable TCP port and IP address.
b6288f9069a67ab9a6e3d01fe3b23d7615e89b3fbb4002b6507be11140b269ff
Red Hat Security Advisory 2020-1288-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include an out of bounds write vulnerability.
89719e6b81441f976dd3381193a1c7ab82863d5a4068e38baa0bcc2c20bca64d
Red Hat Security Advisory 2020-1290-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include an out of bounds write vulnerability.
8543e7b94677e15978de5119c6ea1bc027dd4b9630ee58bbf3947abb1242a170
Red Hat Security Advisory 2020-1289-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include an out of bounds write vulnerability.
43f7dbed2caec40c2917358ab5796636cad13980c6528820ebaf5c8d42ea78dc
Red Hat Security Advisory 2020-1000-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. A heap-based overflow was addressed.
a05f2d02c4e050654376794065fcd0c944afaa09edf293301111c78112a800ec
nullscan is a modular framework designed to chain and automate security tests. It parses target definitions from the command line and runs the corresponding modules and their nullscan-tools afterwards. It can also take hosts and start nmap first in order to perform a basic port scan, then run the modules afterwards. Also, nullscan can parse a given nmap logfile for open TCP and UDP ports and again run the modules afterwards. All results are logged in the specified directories with a clean structure, and an HTML report can subsequently be generated.
1da37356f0e6207cb790e560e1a98270c3634a6f5b57a81d9d96288dc9cb5be2
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
958a5045c8a59fa700876133f5194c0b5962c1980df9cf0fee1207d048e18ebe
This whitepaper provides an overview of the MQTT protocol. MQTT is an open OASIS and ISO standard (ISO/IEC PRF 20922) lightweight, simple machine-to-machine TCP/IP-based protocol which can be used for communication between IoT devices.
78e054c75221b860ea376398c58871b6df4560e564b271b438e6fbc6930c17c3
CHIYU BF430 TCP IP Converter suffers from a persistent cross site scripting vulnerability.
a97e6652b54a6e213462a18bf798714e11945b4cee44fe4556ec6fbe64c90f92
This exploit uses the Cable Haunt vulnerability to open a shell on the Sagemcom F@ST 3890 (50_10_19-T1) cable modem. The exploit serves a website that sends a malicious WebSocket request to the cable modem. The request overflows a return address in the spectrum analyzer of the cable modem and, using a ROP chain, starts listening for a TCP connection on port 1337. The server then sends a payload over this TCP connection and the modem starts executing the payload. The payload listens for commands to be run in the eCos shell on the cable modem and redirects STDOUT to the TCP connection.
658e656e50297dc9328be51b95fa17458c6d29e74f2464a318d0eabe41049aa0
188 bytes small Linux/x64 reverse TCP stager shellcode.
591019260910193e4c2e2e0f050fbb9e22e4ce33e8a1c99cfcee1b71f9f72dc2
Debian Linux Security Advisory 4577-1 - Tim Dusterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
354b9471b47cedf156fae21fdd08eeb96eab9831e2b07a6b5c32125d5f285f6c
Ubuntu Security Notice 4197-1 - It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service.
a45a34a52cb88dfe6f7cca466bbfa3d532ee0e6d4c77eec287474dcd8e6290d4
This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions: 1.6.10-17-726448d~44bit on FreeSWITCH-Deb8-TechPreview virtual machine; 1.8.4~64bit on Ubuntu 19.04 (x64); and 1.10.1~64bit on Windows 7 SP1 (EN) (x64).
2af6ba6d2dae98ab9fd3f1dbb8b8f6ec3e20238f5bef67966c656048edd77ffc
Whitepaper called Covert Channel and Data Hiding in TCP/IP.
ee6c94c7e37da8cedd6c14da5b0c23870bbf9aaf399d2fe36aa251541bf12313
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
71af9918773e9028decc9c58136a9f56713a2951ed97b1130c0d6a01fe95eeab
A FortiSIEM collector connects to a Supervisor/Worker over HTTPS TLS (443/TCP) to register itself as well as relaying event data such as syslog, netflow, SNMP, etc. When the Collector (the client) connects to the Supervisor/Worker (the server), the client does not validate the server-provided certificate against its root-CA store. Since the client does no server certificate validation, this means any certificate presented to the client will be considered valid and the connection will succeed. If an attacker spoofs a Worker/Supervisor using an ARP or DNS poisoning attack (or any other MITM attack), the Collector will blindly connect to the attacker's HTTPS TLS server. It will disclose the authentication password used along with any data being relayed. Versions 5.0 and 5.2.1 have been tested and are affected.
dbc1310afdd15da14c73881539c81b6d75bfa93a15e200bb1094631bd6549cbe
53 bytes small Linux/x86 bind TCP port 43690 null-free shellcode.
72ee8e6b0c1bb5959452806f1adf21697514884ba37f888de728a9f0fdb94820
Linux/x86 TCP reverse shell 127.0.0.1 nullbyte free shellcode.
329c527166985f21f8066e80dbde39d0834fcb98733657d062bf3926cdfd341f
120 bytes small Linux/x86_64 reverse (127.0.0.1:4444/TCP) shell (/bin/sh) + password (pass) shellcode.
1c38c103a596fcb64ef48d59fd8c0f6942b90a78da6f307b1b22480e5eb523e5
157 bytes small Linux/MIPS64 reverse (localhost:4444/TCP) shell shellcode.
0e371de6c42c802891f465341b83b23f73f24fea23abf8aa1e01af9d67db8681