Razer US: Heart-bleed Vulnerability that leads to disclose sensitive information from the memory

Summary: Upon doing penetration testing on the Rezar domains, I have found that on of the domains is vulnerable to the heartbleed vulnerability, but I am not sure that careers.razerzone.com is in scope. Because of the dangerous of the vulnerability, I took further step to report. The Heartbleed B...

Wordpwn: A Malicious WordPress Plugin Generator

PenTestIT RSS Feed I have covered about multiple tools that deal with WordPress vulnerability assessments and exploitation. A very good example of WordPress exploitation framework is the WPXF and the WordPress attack suite is aptly represented by WPForce & Yertle. This post is about Wordpwn, whic...

CVE-2017-9769

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. Recent assessments: zeroSteiner at November 21, 2019 11:14pm UTC reported: Analysis The Razer rzpnk.sys driver...

Eternal - An internet scanner for Eternal Blue [exploit CVE-2017-0144]

Eternal scanner is a network scanner for Eternal Blue exploit CVE-2017-0144. Requirements masscan metasploit-framework How to Install git clone https://github.com/peterpt/eternalscanner.git cd eternalscanner && ./escan OR ./escan -h to change scanner speed Install Requirements apt-get install...

Viproy - VoIP Penetration Testing and Exploitation Kit

Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support,...

Recent Python Meterpreter Improvements

The Python Meterpreter has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the...

WinSCP 5.9.4 - LIST Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: WinSCP 5.9.4 - LIST Command Denial of service Crush application Date: 4-4-2017 mm.dd.yy Exploit Author: M.Ibrahim email protected E-Mail: vulnbug gmail.com Vendor Home Page: https://winscp.net/eng/index.php Vendor download link:...

AntiVirus Evasion Reconstructed – Veil 3.0

The Veil Framework is a collection of tools designed for use during offensive security testing. When the time calls for it, Mandiant’s Red Team will use the Veil-Framework to help achieve their objective. The most commonly used tool is Veil-Evasion, which can turn an arbitrary script or piece of...

RogueSploit - Powerfull social engeering Wi-Fi trap!

RogueSploit is an open source automated script made to create a Fake Acces Point, with dhcpd server, dns spoofing, host redirection, browserautopwn1 or autopwn2 or beef+mitmf. TO DO LIST: Add BeEF;DONE Add MITMF;DONE Add BDFProxy; Add SeToolkit; Add Hostapd as fake ap; Add some features; What you...

Enigma Fileless UAC Bypass

a This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ Exploit Title : enigmafilelessuacbypass.rb Module...

WordPress Userpro Remote File Upload Exploit

This Metasploit module exploits an arbitrary PHP code upload in thewordpress Ifileupload plugin, The vulnerability allows for unauthorization file upload and remote code execution. Exploit Title : Wordpress Userpro Remote File Upload Exploit Author : Ashiyane Digital Security Team Vendor Homepage...

Octopus Deploy Login Utility

This module simply attempts to login to an Octopus Deploy server using a specific username and password. It has been confirmed to work on version 3.4.4 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...

Algolia: RCE on facebooksearch.algolia.com

While doing recon on Algolia, I found that the session secret for facebooksearch.algolia.com has been committed to a public GitHub repository. Since the Rails app running at facebooksearch.algolia.com is using CookieStore as the session storage, this means an attacker knowing the session secret c...

PHP Utility Belt - Remote Code Execution (Metasploit)

Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'PHP Utility Belt Remote Code Execution', 'Description' = %q This module exploit...

ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ATutor 2.2.1 SQL Injection / Remote Code Execution', 'Description' = %q This module exploits a SQL Injection vulnerability and an...

Linux Embedded Firmware Dynamic Analysis: FIRMADYNE

FIRMADYNE is an automated and scalable system for performing emulation and dynamic analysis of Linux-based embedded firmware. It includes the following components: modified kernels MIPS: v2.6.32 , ARM: v4.1 , v3.10 for instrumentation of firmware execution; a userspace NVRAM library to emulate a...

HD Moore Leaves Rapid7 for Venture Capital Opportunity

HD Moore, creator of the Metasploit Framework and a security innovator behind a number of Internet-wide security research projects, is moving into venture capital. Moore announced yesterday that he is leaving his current post as chief research officer at Rapid7 on Jan. 29 for a new opportunity in...

Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection Vulnerability

Exploit for windows platform in category remote exploits Exploit Title: Sysaid Helpdesk Software Unauthenticated SQLi Date: 28.11.2015 Exploit Author: hland Vendor Homepage: https://www.sysaid.com/ Version: v14.4.32 b25 Tested on: Windows 7, Windows 10 Blog post:...

Advantech Switch Bash Environment Variable Code Injection Exploit

This Metasploit module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets the 'ping.sh' CGI script, accessible through the Boa web server on Advantech switches. This Metasploit module was tested against firmwa...

Idera Up.Time Monitoring Station 7.0 - 'post2file.php' Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file...