IPFire 2.19 Core Update 101 - Remote Command Execution

IPFire 2.19 Core Update 101 - Remote Command Execution Exploit Title: IPFire 2.19 Update Core 101 XSS to CSRF to Remote Command Execution Date: 04/05/2016 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ipfire.org Version: lesser-than 2.19 Core Update 101 Category: Remote Comman...

IPFire < 2.19 Core Update 101 - Remote Command Execution

Exploit Title: IPFire 2.19 Update Core 101 XSS to CSRF to Remote Command Execution Date: 04/05/2016 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ipfire.org Version: lesser-than 2.19 Core Update 101 Category: Remote Command Execution / XSS Google dork: Tested on: IPFire...

Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (Metasploit)

Exploit for hardware platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command...

Gemtek CPE7000 - WLTCS-106 sysconf.cgi Remote Command Execution (Metasploit)

Gemtek CPE7000 - WLTCS-106 sysconf.cgi Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated...

Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution', 'Description' = %q A vulnerability exists for Gemt...

PHP serialize/object injection vulnerability exploit-vulnerability warning-the black bar safety net

! This article is about PHP serialize/object injection vulnerability analysis of the short story, which tells about how to get the host of the remote shell. If you want to learn more about PHP serialized content, please visit this link. If you want to test this vulnerability, you can by XVWA and...

Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands

Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful yet sometimes complex payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly...

Z/OS (MVS) Command Shell, Reverse TCP

Provide JCL which creates a reverse shell This implementation does not include ebcdic character translation, so a client with translation capabilities is required. MSF handles this automatically. This module requires Metasploit: https://metasploit.com/download Current source:...

Linux/x86-64 - Reverse Shell Shellcode

/ Exploit Title: Shellcode Linux x8664 Reverse Shell Date: 19/03/2016 Shellcode Author: Sudhanshu Chauhan LinkedIn: https://in.linkedin.com/in/sudhanshuchauhan Tested on: Ubuntu 14.04.1 x8664 global start start: ;Socket xor rax, rax xor rdi, rdi xor rsi, rsi xor rdx, rdx add rax, 41 add rdi, 2 ad...

Cisco UCS Manager 2.1(1b) Shellshock

!/usr/bin/python Cisco UCS Manager 2.11b Shellshock Exploit CVE-2014-6278 Confirmed on version 2.11b, but more are likely vulnerable. Cisco's advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash Exploit generates a reverse shell to a nc listener...

Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)

Cisco UCS Manager 2.11b - Remote Command Injection Shellshock !/usr/bin/python Cisco UCS Manager 2.11b Shellshock Exploit CVE-2014-6278 Confirmed on version 2.11b, but more are likely vulnerable. Cisco's advisory:...

Cisco UCS Manager 2.1(1b) - Remote Exploit (Shellshock)

Exploit for hardware platform in category remote exploits !/usr/bin/python Cisco UCS Manager 2.11b Shellshock Exploit CVE-2014-6278 Confirmed on version 2.11b, but more are likely vulnerable. Cisco's advisory:...

Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)

!/usr/bin/python Cisco UCS Manager 2.11b Shellshock Exploit CVE-2014-6278 Confirmed on version 2.11b, but more are likely vulnerable. Cisco's advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash Exploit generates a reverse shell to a nc listener...

Technology share: how to use Python and PyInstaller to write a Windows malicious code-vulnerability warning-the black bar safety net

Disclaimer: This article is intended to share, not for malicious use! This article mainly shows is through the use of python and PyInstaller to build the malicious software of some poc. ! Known to all, malicious software and more will continued to target of the attack. And this is on windows ther...

Centreon 2.5.3 - Remote Command Execution

Exploit for php platform in category web applications Unauthenticated Remote Command Execution in Centreon Web Interface ================================================================== Description =========== Centreon is a popular monitoring solution. A critical vulnerability has been found in...

Centreon 2.5.3 - Remote Command Execution

Centreon 2.5.3 - Remote Command Execution Unauthenticated Remote Command Execution in Centreon Web Interface ================================================================== Description =========== Centreon is a popular monitoring solution. A critical vulnerability has been found in the Centreo...

Venom - Metasploit Shellcode Generator / Compiler / Listenner

The script will use msfvenom metasploit to generate shellcode in diferent formats c | python | ruby | dll | msi | hta-psh , injects the shellcode generated into one funtion example: python "the python funtion will execute the shellcode in ram" and uses compilers like: gcc gnu cross compiler or...

SevOne NMS 5.3.60 Remote Root

!/usr/bin/env python Exploit Title: SevOne NMS = 5.3.6.0 reverse shell remote root Date: 01/14/2016 Exploit Author: @iamsecurity Vendor Homepage: https://www.sevone.com/ Software Link: https://www.sevone.com/download2/free/vimage/SevOne-Download.ova Version: 5.3.6.0 """sevone.py: Simple reverse...

SevOne NMS 5.3.6.0 - Remote Root Exploit

Exploit for php platform in category web applications !/usr/bin/env python Exploit Title: SevOne NMS = 5.3.6.0 reverse shell remote root Date: 01/14/2016 Exploit Author: @iamsecurity Vendor Homepage: https://www.sevone.com/ Software Link:...

SevOne NMS 5.3.6.0 - Remote Command Execution

SevOne NMS 5.3.6.0 - Remote Command Execution !/usr/bin/env python Exploit Title: SevOne NMS = 5.3.6.0 reverse shell remote root Date: 01/14/2016 Exploit Author: @iamsecurity Vendor Homepage: https://www.sevone.com/ Software Link: https://www.sevone.com/download2/free/vimage/SevOne-Download.ova...