
7023 matches found

Metasploit
added 2017/06/09 7:15 a.m., 42 views

Linux Meterpreter, Reverse HTTP Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1137332 include...

7.3 AI score
Exploits: 0
GithubExploit
added 2017/06/05 4:25 p.m., 25 views

Exploit for Code Injection in Samba

CVE-2017-7494 Remote root exploit for the SAMBA CVE-2017-7494...

10 CVSS, 9 AI score, 0.94176 EPSS
Exploits: 24
Packet Storm
added 2017/06/02 12:0 a.m., 2559 views

Samba is_known_pipename() Code Execution

!/usr/bin/perl -w Remote Samba isknownpipename 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. Exploit By NA , NAattutanota.com The orginal bug was discovered by steelo CVE-2017-7494 https://www.samba.org/samba/security/CVE-2017-7494.html Tested on Samba 4.5.8-Debian Requirments for this exploit to run: perl...

0.4 AI score, 0.94176 EPSS
Exploits: 24
n0where
added 2017/05/31 8:10 p.m., 202 views

Reverse Engineering Framework: radare2

Reverse Engineering Framework: radare2 r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzin...

7.5 AI score
Exploits: 0, References: 2
Hacker One
added 2017/05/12 5:17 a.m., 40 views

Instacart: Reverse Tab-nabbing at www.instacart.com/store/partner_recipe?recipe_url=

Summary Instacart at /store/partner_recipe?recipe_url= endpoint is vulnerable to reverse tabnabbing, since the injected link use target="_blank", this means the page that opens in a new tab can access the initial tab and change its location using the window.opener property. example: Reproduction...

0.2 AI score
Exploits: 0
n0where
added 2017/05/11 3:35 a.m., 91 views

Reverse Engineering MacOS: HookCase

Reverse Engineering MacOS HookCase is a tool for debugging and reverse engineering applications on macOS aka OS X, and the operating system itself. It re-implements and extends Apple’s DYLD_INSERT_LIBRARIES functionality. It can be used to hook any method defined in any module’s symbol table,...

7 AI score
Exploits: 0, References: 3
GithubExploit
added 2017/05/10 12:1 p.m., 14 views

Exploit for Argument Injection in Phpmailer_Project Phpmailer

CVE2016-10033 explotation PoC This repository holds the neces...

9.8 CVSS, 8.4 AI score, 0.94418 EPSS
Exploits: 58
n0where
added 2017/05/09 6:27 a.m., 76 views

GDB Exploit Development & Reverse Engineering: pwndbg

GDB Exploit Development & Reverse Engineering pwndbg /poʊndbæg/ is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers. Vanilla GDB is terrible to use for reverse...

7.4 AI score
Exploits: 0, References: 3
0day.today
added 2017/05/09 12:0 a.m., 39 views

Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)

BITS 64 ; reverse ip6 tcp shell ; size = 113 bytes depends of ip addr, default is ::1 ; nullbytes free depends only on ip addr, ; you could always and the ip add to remove ; the nulls like i did with the port ; it sleeps and then tries to recconect default 3 seconds ; ;shell =...

7.1 AI score
Exploits: 0
Exploit DB
added 2017/05/08 12:0 a.m., 47 views

Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)

Linux/x86-64 - Reverse Shell Shellcode IPv6 113 bytes. Shellcode exploit for Linx86-64 platform BITS 64 ; reverse ip6 tcp shell ; size = 113 bytes depends of ip addr, default is ::1 ; nullbytes free depends only on ip addr, ; you could always and the ip add to remove ; the nulls like i did with t...

7.4 AI score
Exploits: 0
ThreatPost
added 2017/05/05 6:17 p.m., 45 views

Researchers Disclose Intel AMT Flaw Research

On Friday, just as Intel released additional information regarding a critical flaw found earlier this week in a subset of its business-class PCs, the researchers behind the initial vulnerability discovery, Embedi, also published their research on the flaw. Intel warned Monday of a firmware...

10 CVSS, 7.3 AI score, 0.94194 EPSS
Exploits: 7, References: 10
Tenable Nessus
added 2017/05/01 12:0 a.m., 31 views

EulerOS 2.0 SP1 : squid (EulerOS-SA-2016-1025)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility ...

8.8 CVSS, 7.4 AI score, 0.82841 EPSS
Exploits: 1, References: 9
Metasploit
added 2017/04/30 10:57 p.m., 40 views

Unix Command Shell, Reverse TCP (via ncat)

Creates an interactive shell via ncat, utilizing ssl mode This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 42 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions...

7.4 AI score
Exploits: 0
seebug.org
added 2017/04/28 12:0 a.m., 133 views

Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability (CVE-2017-2824)

Official patch earlier to fix the vulnerabilities: the Zabbix database write vulnerability The vulnerability lies within the “Trapper” section of the Zabbix Code, this is the network service that allows the Proxies and the Server to communicate TCP Port 10051 There are a set of API calls that the...

6.8 CVSS, 8.9 AI score, 0.73548 EPSS
Exploits: 24
Talos
added 2017/04/27 12:0 a.m., 8928 views

Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X . A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this...

8.1 CVSS, 8.7 AI score, 0.73548 EPSS
Exploits: 24
Exploit DB
added 2017/04/24 12:0 a.m., 22 views

LogRhythm Network Monitor - Authentication Bypass / Command Injection

Exploit Title: LogRhythm Network Monitor Auth Bypass Root RCE Public Disclosure Date: 24 Apr 2017 Author: Francesco Oddo Reference: http://security-assessment.com/files/documents/advisory/Logrhythm-NetMonitor-Advisory.pdf Software Link: https://logrhythm.com/network-monitor-freemium/ Version:...

7.4 AI score
Exploits: 0
myhack58
added 2017/04/20 12:0 a.m., 122 views

ShadowBroker release of NSA tools in the Esteemaudit vulnerability reproduction process-vulnerability warning-the black bar safety net

Recently the infamous equation tissue kit again is disclosed, TheShadowBrokers in steemit. com blog provides related message. The following is one of Esteemaudit vulnerability reproduction process. Preparation IP System information Use Note 192.168.146.132 Windows xp Attack aircraft Need Ann...

1.2 AI score
Exploits: 0
0day.today
added 2017/04/19 12:0 a.m., 573 views

Microsoft Word - .RTF Remote Code Execution Exploit

Exploit for windows platform in category remote exploits ''' Exploit Title: Exploit CVE-2017-0199 Word RTF RCE vulnerability to gain meterpreter shell Date: 17/04/2017 Exploit Author: Bhadresh Patel Version: Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsof...

9.3 CVSS, 8.4 AI score, 0.94302 EPSS
Exploits: 29
Tenable Nessus
added 2017/04/13 12:0 a.m., 43 views

Apache Tomcat 9.0.0.M11 < 9.0.0.M17

The version of Tomcat installed on the remote host is prior to 9.0.0.M17. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.0.m17security-9 advisory. - An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15...

7.5 CVSS, 7.3 AI score, 0.02945 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2017/04/13 12:0 a.m., 28 views

Apache Tomcat 8.5.7 < 8.5.11

The version of Tomcat installed on the remote host is prior to 8.5.11. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.11security-8 advisory. - An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in...

7.5 CVSS, 7.3 AI score, 0.02945 EPSS
Exploits: 0, References: 3