AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...

Cisco WebEx Chrome Extension RCE (CVE-2017-3823)

This module exploits a vulnerability present in the Cisco WebEx Chrome Extension version 1.0.1 which allows an attacker to execute arbitrary commands on a system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Advantech WebAccess 8.1 Post Authentication Credential Collector

This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials. Although authentication is required, any level of user permission can exploit this vulnerability. Note that 8.2 is not suitable for this. This module requires Metasploit: https://metasploit.com/downloa...

Mozilla Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution Exploit

This Metasploit module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange across numerous versions of Mozilla Firefox on Microsoft Windows. This module requires Metasploit: http://metasploit.com/download Current source:...

Disk Savvy Enterprise - GET Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DiskSavvy Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability ...

DiskSavvy Enterprise GET Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in the web interface of DiskSavvy Enterprise v9.1.14 and v9.3.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows XP SP...

DiskBoss Enterprise - GET Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DiskBoss Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability i...

Malware exploit: Dakcomet

Dakcomet Kevin Breen - DarkComet From Defense To Offense - Identify your Attacker Slides POC by Shawn Denbow and Jesse Herts Wikipedia Vulnerabilities Remote file read Data base poisoning SQL injection DarkComet ToolKit DarkComet Metasploit Module Last updated on 14th Jan 2017 None...

Cisco Firepower Management Console 6.0 - Post Authentication UserAdd (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Cisco Firepower Management Console 6.0 Post Authentication UserAdd Vulnerability", 'Description' = %q This module exploits a...

Zyxel / Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064 Exploit

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on...

PowerShellEmpire Arbitrary File Upload (Skywalker) Exploit

A vulnerability existed in the PowerShellEmpire server prior to commit f030cf62 which would allow an arbitrary file to be written to an attacker controlled location with the permissions of the Empire server. This exploit will write the payload to /tmp/ directory followed by a cron.d file to execu...

PowerShellEmpire Arbitrary File Upload (Skywalker)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'PowerShellEmpire Arbitrary File Upload Skywalker', 'Description' = %q A vulnerability existed in the PowerShellEmpire server...

DLink DIR Routers HNAP Login Stack Buffer Overflow Vulnerability

A stack buffer overflow affects several D-Link routers and can be exploited by an unauthenticated attacker. The interesting thing about this vulnerability is that it affects both ARM and MIPS devices, so exploitation is slightly different for each type. A stack bof in several Dlink routers, which...

UNIX Gather AWS Keys

This module will attempt to read AWS configuration files .aws/config, .aws//credentials and .s3cfg for users discovered on the session'd system and extract AWS keys from within. This module requires Metasploit: https://metasploit.com/download Current source:...

Telpho10 Backup Credentials Dumper

This module exploits a vulnerability present in all versions of Telpho10 telephone system appliance. This module generates a configuration backup of Telpho10, downloads the file and dumps the credentials for admin login, phpmyadmin, phpldapadmin, etc. This module has been successfully tested on t...

Hak5 WiFi Pineapple Preconfiguration Command Injection 2

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Hak5 WiFi Pineapple Preconfiguration Command Injection', 'Description' = %q This module exploits a command injection...

Hak5 WiFi Pineapple Preconfiguration Command Injection 2

This Metasploit module exploits a command injection vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. We use a combination of default credentials with a weakness in the anti-csrf generation to achieve command injection on fresh pineapple devices prior to...

PowerShellEmpire Arbitrary File Upload (Skywalker)

A vulnerability existed in the new Empire maintained by BC Security prior to commit e73e883 Authors Spencer McIntyre Erik Daguerre ACE-Responder Takahiro Yokoyama Platform Linux,Python This module requires Metasploit: https://metasploit.com/download Current source:...

Allwinner 3.4 Legacy Kernel Local Privilege Escalation

Exploit for hardware platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule "Allwinner 3.4 Legacy Kernel Local Privilege Escalation", "Description...

Linux Kernel recvmmsg Privilege Escalation

This module attempts to exploit CVE-2014-0038, by sending a recvmmsg system call with a crafted timeout pointer parameter to gain root. This exploit has offsets for 3 Ubuntu 13 kernels: 3.8.0-19-generic 13.04 default; 3.11.0-12-generic 13.10 default; 3.11.0-15-generic 13.10. This exploit may take...