IBM Security AppScan 9.0.2 Remote Code Execution

!/usr/bin/python import BaseHTTPServer, socket IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June 2015 Version: function runmumaa On Error Resume Next set...

IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution

!/usr/bin/python import BaseHTTPServer, socket IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June 2015 Version: function runmumaa On Error Resume Next set shell=createobject"Shel...

Windows Powershell Execution Post Module

This module will execute a powershell script in a meterpreter session. The user may also enter text substitutions to be made in memory before execution. Setting VERBOSE to true will output both the script prior to execution and the results. This module requires Metasploit:...

Load Scripts Into PowerShell Session

This module will download and execute one or more PowerShell scripts over a present powershell session. Setting VERBOSE to true will show the stager results. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

HP Operations Orchestration 10.x Remote Information Disclosure

The remote host has a version of HP Operations Orchestration installed that is 10.x prior to 10.21.0001. It is, therefore, affected by an information disclosure vulnerability. A remote, authenticated attacker can exploit this, via PowerShell PS script operations, to obtain user passwords and othe...

Windows Interactive Powershell Session, Bind TCP

Listen for a connection and spawn an interactive powershell session This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' Extends the Exec payload to run a powershell command module MetasploitModule...

Windows Interactive Powershell Session, Reverse TCP

Listen for a connection and spawn an interactive powershell session This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include...

Windows Interactive Powershell Session, Bind TCP

Interacts with a powershell session on an established socket connection This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include Msf::Payload::Sing...

Windows Interactive Powershell Session, Reverse TCP

Interacts with a powershell session on an established socket connection This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include Msf::Payload::Sing...

CVE-2015-2108

Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors...

CVE-2015-2108

Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors...

CVE-2015-2108

HP Operations Orchestration (HP O.O.) versions 9.x and 10.x are affected by CVE-2015-2108, an information-disclosure vulnerability exploitable via PowerShell operations. The issue allows remote authenticated users to obtain sensitive information; exact vectors are not publicly detailed in the pro...

Shellcode Win x86-6 4 - Download & execute (Generator)-bug warning-the black bar safety net

Title: Obfuscated Shellcode Windows x86/x64 Download And Execute Use PowerShell - Generator length: Dynamic ! depend on url and filename Date: 2 0 January 2 0 1 5 Author: Ali Razmjoo tested On: Windows 7 x64 ultimate WinExec = 0x77b1e695 ExitProcess = 0x77ae2acf ==================================...

Adobe Flash Player ByteArray UncompressViaZlibVariant Use-After-Free-vulnerability warning-the black bar safety net

require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Powershell include Msf::Exploit::Remote::BrowserExploitServer def initializeinfo= superupdateinfoinfo, 'Name' = 'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free', 'Description...

Win x86-64 - Download & execute Generator

Win x86-64 - Download & execute Generator. Shellcode exploit for windows platform Title: Obfuscated Shellcode Windows x86/x64 Download And Execute Use PowerShell - Generator length: Dynamic ! depend on url and filename Date: 20 January 2015 Author: Ali Razmjoo tested On: Windows 7 x64 ultimate...

win64/7 Obfuscated Shellcode Download And Execute [Dynamic Lenth]

Title: Obfuscated Shellcode Windows x64 Download And Execute Use PowerShell - Generator length: Dynamic ! depend on url and filename Date: 20 January 2015 Author: Ali Razmjoo tested On: Windows 7 x64 ultimate WinExec = 0x769e2c91 ExitProcess = 0x769679f8 ==================================== Execu...

win32/7 Obfuscated Shellcode Download And Execute [Dynamic Lenth]

Title: Obfuscated Shellcode Windows x86 Download And Execute Use PowerShell - Generator length: Dynamic ! depend on url and filename Date: 20 January 2015 Author: Ali Razmjoo tested On: Windows 7 x64 ultimate WinExec = 0x77b1e695 ExitProcess = 0x77ae2acf ==================================== Execu...

SQL Server stored procedure Hacking（II）of the user to impersonate-vulnerability warning-the black bar safety net

Security pulse in the before provides SQL Server stored procedure Hacking series the first portion of the SQL Server stored procedure Hacking I of trusted database, now to translate the SQL Server stored procedure Hacking（II）of the user to impersonate on Application developers often use SQL Serve...

GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Malicious Git and Mercurial HTTP Server For CVE-2014-9390', 'Description' = %q This module exploits CVE-2014-9390, which affect...

Powershell Remoting Remote Command Execution

This module uses Powershell Remoting TCP 47001 to inject payloads on target machines. If RHOSTS are specified, it will try to resolve the IPs to hostnames, otherwise use a HOSTFILE to supply a list of known hostnames. This module requires Metasploit: https://metasploit.com/download Current source...