Metasploit Weekly Wrap-Up 06/07/2024

New OSX payloads:ARMed and Dangerous In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress Hash form, this release features the addition of several new binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and Shell Reverse TCP. The new...

KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow

Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤...

Kingdia CD Extractor 3.0.2 - Buffer Overflow (SEH) Exploit

Exploit Title: Kingdia CD Extractor 3.0.2 - Buffer Overflow SEH Software Link: https://en.softonic.com/download/kingdia-cd-extractor/windows/post-download Exploit Author: Achilles Tested Version: 3.0.2 Tested on: Windows 7 64bit 1.- Run python code : Kingdia.py 2.- Open EVIL.txt and copy All...

Ether_MP3_CD_Burner 1.3.8 - Buffer Overflow (SEH)

Exploit Title: EtherMP3CDBurner 1.3.8 - Buffer Overflow SEH Date: 24.09.2021 Software Link: https://mp3-avi-mpeg-wmv-rm-to-audio-cd-burner.software.informer.com/download/?caa8ec-1.2 Software Link 2: https://anonfiles.com/X2Ff36J6ue/ethercdburnerexe Exploit Author: Achilles Tested Version: 1.3.8...

Tuneclone 2.20 - Local SEH Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.-...

ProShow 9.0.3797 - Local Privilege Escalation

!/usr/bin/python coding:utf-8 Exploit Title: ProShow v9.0.3797 Local Exploit Exploit Author: @YonatanCorrea website with details: https://risataim.blogspot.com/2019/06/exploit-local-para-proshow.html Vendor Homepage: http://www.photodex.com/ProShow Software Link:...

Lavavo CD Ripper 4.20 Local SEH Exploit

Exploit for windows platform in category local exploits Exploit Title: Lavavo CD Ripper 4.20 Local Seh Exploit Date: 25.04.2019 Vendor Homepage:https://www.lavavosoftware.com Software Link: https://lavavo-cd-ripper.jaleco.com/download Exploit Author: Achilles Tested Version: 4.20 Tested on: Windo...

Any Sound Recorder 2.93 Buffer Overflow

Exploit Title: Any Sound Recorder 2.93 - Buffer Overflow SEH Exploit Author: Abdullah Alic Discovery Date: 2018-10-16 Homepage: http://www.any-sound-recorder.com Software Link: http://www.any-sound-recorder.com/anysoundrecorder.exe Version: 2.93 Tested on: Windows XP Professional sp3 ENG Steps to...

CuteFTP 5.0 - Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: CuteFTP 5.0 - Buffer Overflow Author: Matteo Malvica Vendor homepage: www.globalscape.com Software: CuteFTP 5.0.4 XP - build 54.8.6.1 Software Link: http://installer.globalscape.com/pub/cuteftp/archive/english/cuteftp50.exe...

CuteFTP 5.0 - Buffer Overflow

Exploit Title: CuteFTP 5.0 - Buffer Overflow Author: Matteo Malvica Date: 2018-08-26 Vendor homepage: www.globalscape.com Software: CuteFTP 5.0.4 XP - build 54.8.6.1 Software Link: http://installer.globalscape.com/pub/cuteftp/archive/english/cuteftp50.exe Tested on: Windows XP Profesional SP3...

CloudMe Sync SEH Buffer Overflow

Exploit: CloudMe Sync netstat -nao | find "8888" TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 2640 C:\tasklist | find "2640" CloudMe.exe 2640 Console 1 36,632 K Attacking Machine: root@kali:/Desktop python cloudme.py CloudMe Sync v1.10.9 Buffer Overflow with DEP Bypass + CloudMe Target IP 192.168.12.4...

DVD X Player Standard 5.5.3.9 Buffer Overflow

Exploit Title: Buffer Overflow on DVD X Player Standard 5.5.3.9 Date: 29.03.2018 Vendor Homepage: http://www.dvd-x-player.com Software Link: http://www.dvd-x-player.com/download/DVDXPlayerSetup- Standard.exe Category: Local SEH Based Exploit Credit: Prasenjit Kanti Paul Web:...

SysGauge Server 3.6.18 Buffer Overflow

Exploit Title: SysGauge Server 3.6.18 - Buffer Overflow Exploit Author: Ahmad Mahfouz Description: Sysgauge Server Unauthenticated Remote Buffer Overflow SEH Contact: http://twitter.com/eln1x Date: 12/01/2018 CVE: CVE-2018-5359 Version: 3.6.18 Tested on: Windows 7 x64 Software Link:...

ALLPlayer 7.4 - Local Buffer Overflow (SEH Unicode)

ALLPlayer 7.4 - Local Buffer Overflow SEH Unicode !/usr/bin/python Exploit Title: ALL Player v7.4 SEH Buffer Overflow Unicode Version: 7.4 Date: 15-08-2017 Exploit Author: f3ci Tested on: Windows 7 SP1 x86 head = "http://" seh = "\x0f\x47" 0x0047000f nseh = "\x61\x41" popad align junk = "\x41" 30...

DiskBoss Enterprise 7.4.28 Buffer Overflow

!/usr/bin/python import socket,os,time SEH Stack Overflow in GET request DiskBoss Enterprise 7.4.28 Tested on Windows XP SP3 & Windows 7 Professional For educational proposes only host = "192.168.1.20" port = 80 badchars \x00\x09\x0a\x0d\x20 msfvenom -a x86 --platform windows -p...

Dup Scout Enterprise 9.1.14 - Remote Buffer Overflow (SEH)

Dup Scout Enterprise 9.1.14 - Remote Buffer Overflow SEH !/usr/bin/python Open the DupScout client and click on Tools click on Connect Network Drive type the content of boom.txt in the "User Name" field. The payload is sent to the DupScout server port 9126 SEH based stack overflow in DupScout...

DiskBoss Enterprise 7.4.28 - GET Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python import socket,os,time SEH Stack Overflow in GET request DiskBoss Enterprise 7.4.28 Tested on Windows XP SP3 & Windows 7 Professional For educational proposes only host = "192.168.1.20" port = 80 badchars \x00\x09\x0a\x0d\x2...

Dup Scout Enterprise 9.1.14 - Remote Buffer Overflow (SEH)

!/usr/bin/python Open the DupScout client and click on Tools click on Connect Network Drive type the content of boom.txt in the "User Name" field. The payload is sent to the DupScout server port 9126 SEH based stack overflow in DupScout server Tested in Windows 7 Professional For educational...

Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python import socket,os,time SEH Stack Overflow in GET request Disk Savvy Enterprise 9.1.14 Tested on Windows XP SP3 && Windows 7 Professional host = "192.168.1.20" port = 80 badchars \x00\x09\x0a\x0d\x20 msfvenom -a x86 --platfor...

FTPShell Client 5.24 - PWD Remote Buffer Overflow

FTPShell Client 5.24 - PWD Remote Buffer Overflow -- coding: utf-8 -- Exploit Title: FTPShell Client v5.24 PWD Remote Buffer Overflow Date: 16/11/2016 Author: Yunus YILDIRIM Th3GundY Team: CT-Zer0 @CRYPTTECH - http://www.ct-zer0.com Author Website: http://yildirimyunus.com Contact:...