887 matches found
CVE-2018-0052
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command...
Junos OS: Unauthenticated remote root access possible when RSH service is enabled
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command...
Hershell - Simple TCP reverse shell written in Go
Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provides a certificate public key fingerprint pinning feature, preventing traffic interception. Supported OS are: Windows, Linux, Mac OS, FreeBSD and derivatives. Why? Although meterpreter payloads are great,...
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution Vulnerability
Exploit Title: Tenable WAS-Scanner 7.4.1708 - Remote Command Execution Discovery by: Sameer Goyal Vendor Homepage: https://www.tenable.com/ Software Link: https://www.tenable.com/products/tenable-io/web-application-scanning Tested Version: WAS-20180328 Vulnerability Type: Remote Command Execution...
iBombShell: A Dynamic Post-Exploitation Remote Shell
Consider you have a shell on a system and other post-exploitation do not work for you as they are being caught by a security solution on the system. Worry not as we now have iBombShell, a dynamic remote shell that can be run on any system that supports PowerShell. The reason th...
OwlChat 2.0 Remote Shell Upload
Exploit Title: OwlChat Remote Shell Upload Vulnerability Exploit Author: Hesam Bazvand Contact: [email protected] Download Link: http://dl.20script.ir/script/chat/Owl-Chat-v2.0%5Bwww.20script.ir%5D.zip Tested on: Windows 10 / Kali Linux Category: WebApps Video :...
GhostTunnel - A Covert Backdoor Transmission Method That Can Be Used In An Isolated Environment
GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It can attack the target through the HID device only to release the payload agent, then the HID device can be removed after the payload is released. GhostTunnel uses 802.11 Probe Request Frames and...
Ibombshell - Dynamic Remote Shell
ibombshell is a tool written in PowerShell that allows you to have a prompt at any time with post-exploitation functionalities and in some cases exploitation. It is a shell that is downloaded directly to memory providing access to a large number of pentesting features. These functionalities can b...
MacOS Malware Targets Cryptocurrency Community on Slack, Discord
Hackers using MacOS malware are targeting cryptocurrency investors that use both the Slack and Discord chat platforms. The malware, dubbed OSX.Dummy, uses an unsophisticated infection method, but those who are successfully attacked open their systems up to remote arbitrary code execution. “If the...
Oracle Solaris Remote Shell Code Execution (CVE-2017-3623) - Ver2
A security bypass vulnerability has been reported in Oracle Solaris. The vulnerability is due to an error in the way the server validates RPC requests from unauthorized users. A remote attacker can exploit this issue by sending specially crafted RPC requests to the target. Successful exploitation...
Microsoft Windows: Remote Shell Access
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winremoteshaccess.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Allow Remote Shell Access Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
Malicious JavaScript Package Detection
Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
Potential RCE in Nessus 7 and attacks on Vulnerability Scanners
A few days ago I saw an interesting YouTube video UPD. 14.05.18 Not available anymore in my Facebook feed. It is demonstrating the exploitation of the RCE vulnerability in Tenable Nessus Professional 7.0.3. Currently we have very little information about this vulnerability: only YouTube video, which...
CVE-2017-17539
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell...
CVE-2017-17540
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell...
Hardcoded credentials
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell...
Hardcoded credentials
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell...
CVE-2017-17539
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell...
Fortinet FortiWLC Hardcoded Account Vulnerability (CNVD-2018-10699)
FortiWLC is a wireless controller from Fortinet. A hard-coded account vulnerability exists in versions 7.0.11 and earlier of Fortinet FortiWLC. An attacker can exploit this vulnerability via a remote shell to gain unauthorized read/write access...
Pwning CCTV cameras
CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, which these days means a Digital Video Recorder or DVR. DVRs take video feeds from multiple...