1796 matches found
Exploit for Argument Injection in Phpmailer_Project Phpmailer
CVE-2016-10033 exploitation PoC This repository holds the neces...
Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability (CVE-2017-2824)
Official patch earlier to fix the vulnerabilities: the Zabbix database write vulnerability The vulnerability lies within the “Trapper” section of the Zabbix Code, this is the network service that allows the Proxies and the Server to communicate TCP Port 10051 There are a set of API calls that the...
Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this...
LogRhythm Network Monitor - Authentication Bypass / Command Injection
Exploit Title: LogRhythm Network Monitor Auth Bypass Root RCE Public Disclosure Date: 24 Apr 2017 Author: Francesco Oddo Reference: http://security-assessment.com/files/documents/advisory/Logrhythm-NetMonitor-Advisory.pdf Software Link: https://logrhythm.com/network-monitor-freemium/ Version:...
Zyxel EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection Vulnerability
Exploit for hardware platform in category remote exploits Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh...
Zyxel / EMG2926 Command Injection
Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10124 AppleWebKit/537.36 KHTML, like Geck...
Linux/x86 - Reverse /bin/bash Shellcode (110 bytes)
Linux/x86 - Reverse /bin/bash Shellcode 110 bytes. Shellcode exploit for Linx86 platform / ; File name: reversebash.nasm ; Author: Jasmin Landry @JR0ch17 ; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119 ; To change ; Shellcode length: 110 bytes...
A Red Teamer’s guide to pivoting
Penetration testers often traverse logical network boundaries in order to gain access to client’s critical infrastructure. Common scenarios include developing the attack into the internal network after successful perimeter breach o...
CVE-2017-6971
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862...
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution Exploit
Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 remote code execution exploit that provides a reverse shell. Usage Info Tested with tomcat8 Install tomcat8 Deploy WAR file https://github.com/nixawk/labs/tree/master/CVE-2017-5638 Ex: Open: $ nc -lnvp 4444 python2 struntsrce....
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution
CVE-2017-5638 Apache Struts 2 Vulnerability Remote Code Execution Reverse shell from target Author: anarc0der - github.com/anarcoder Tested with tomcat8 Install tomcat8 Deploy WAR file https://github.com/nixawk/labs/tree/master/CVE-2017-5638 Ex: Open: $ nc -lnvp 4444 python2 struntsrce.py...
Metasploit Meterpreter Reverse Payloads Remote Code Execution - ver2
A reverse shell is a type of shell in which the target machine communicates back to the attacking machine on a listener port. By remotely installing and running such a shell on the target machine, the attacker achieves remote code or command execution abilities, or may obtain sensitive informatio...
Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes)
;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the Software without restriction, including without limitation ;the rights to use,...
Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes)
;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the Software without restriction, including without limitation ;the rights to use,...
Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes)
Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode 106 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files...
Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes)
Linux/x86-64 - NetCat Reverse Shell Shellcode 72 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software...
pfSense 2.3.2 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
pfSense version 2.3.2 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist in gaining a reverse-shell remotely as root. Exploit Title: pfSense 2.3.2 XSS - CSRF-bypass & Reverse-root-shell Date: 01/03/2017 Author: Yann CAM @ASafety / Synetis Vendor or...
Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
Linux/x86-64 - Reverse Shell Shellcode 84 bytes. Shellcode exploit for Linux platform / Title: Linux/x86-64 - Reverse TCP shellcode - 84 bytes Author: Manuel Mancera @sinkmanu Tested on: 3.16.0-4-amd64 1 SMP Debian 3.16.39-1 2016-12-30 x8664 GNU/Linux ----------------- Assembly code...