7042 matches found
One-Lin3r v1.1 - Gives You One-Liners That Aids In Penetration Testing Operations
One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser : Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper : Give it an...
Linux Command Shell, Reverse TCP Inline (IPv6)
Connect back to attacker and spawn a command shell over IPv6 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 158 include Msf::Payload::Single include...
isapi_redirect: Mishandled HTTP request paths in jk_isapi_plugin.c can lead to unintended exposure of application resources via the reverse proxy
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...
Linux Meterpreter, Reverse HTTPS Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1516524 include...
Linux Meterpreter, Reverse TCP Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1061912 include...
Linux Meterpreter, Reverse HTTPS Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1061912 include...
Linux Meterpreter, Reverse TCP Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1516524 include...
Linux Meterpreter, Reverse HTTP Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1061912 include...
Linux Meterpreter, Reverse HTTP Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1516524 include...
WebKit not_number defineProperties Use-After-Free Exploit
Exploit for multiple platform in category dos / poc This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This module exploits a UAF...
ReverseAPK - Quickly Analyze And Reverse Engineer Android Packages
Quickly analyze and reverse engineer Android applications. FEATURES: Displays all extracted files for easy reference Automatically decompile APK files to Java and Smali format Analyze AndroidManifest.xml for common vulnerabilities and behavior Static source code analysis for common vulnerabilitie...
USN-3663-1: HAProxy vulnerability
It was discovered that HAProxy incorrectly handled certain resquests. An attacker could possibly use this to expose sensitive information...
Passit: Insecure opening of external links in app.passit.io/list allows for reverse tabnabbing
Description https://app.passit.io/list renders external links under attacker control that open in a new tab such that the opened tab has access to the opening tab where the user was just browsing on app.passit.io via window.opener. This is likely due to the lack of specifying a rel="noopener"...
Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)
/ Name : Jonathan "Chops" Crosby Email : email protected Twitter : @securitychops Website : https://securitychops.com Blog Post : https://securitychops.com/2018/05/21/slae-assignment-2-reverse-shell-tcp-shellcode.html Student ID : SLAE-1250 Assignment 2 : Reverse Shell TCP Linux/x86 Shellcode...
Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)
/ ; Title : Linux/x86 - Reverse TCP Shell Shellcode 68 bytes ; Date : May, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 68 bytes ; Tested on : i686 GNU/Linux section .text global start start: xor ecx, ecx mul...
Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)
Linux/x86 - Reverse 10.10.2.4:4444/TCP Shell Shellcode 68 bytes. Shellcode exploit for Linuxx86 platform / ; Title : Linux/x86 - Reverse TCP Shell Shellcode 68 bytes ; Date : May, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com ; Twitter : @nunof11 ; SLAE ID :...
Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)
Linux/x86 - Reverse 10.0.7.17:4444/TCP Shell /bin/sh Shellcode 101 Bytes. Shellcode exploit for Linuxx86 platform / Name : Jonathan "Chops" Crosby Email : [email protected] Twitter : @securitychops Website : https://securitychops.com Blog Post :...
mySCADA myPRO 7 - Hard-Coded Credentials Vulnerability
Exploit for multiple platform in category remote exploits Exploit Title: mySCADA myPRO 7 - Hardcoded FTP Username and Password Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.myscada.org/mypro/ Software Link: https://www.myscada.org/download/ Version: v7 Tested on: Linux, Windows I. Probl...
Misconfigured Reverse Proxy Servers Spill Credentials
Researchers have created a proof-of-concept attack that allows unauthenticated adversaries to extract user credentials from misconfigured reverse proxy servers in order to delete, manipulate or extract data from websites and applications. The proof-of-concept PoC attack targets major cloud...
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Exploit Title: Nanopool Claymore Dual Miner = 7.3 Remote Code Execution Date: 2018/02/09 Exploit Author: ReverseBrain Vendor Homepage: https://nanopool.org/ Software Link: https://github.com/nanopool/Claymore-Dual-Miner Version: 7.3 and lat...