HTTP File Extension Scanner
This module identifies the existence of additional files by modifying the extension of an existing file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'pathname' class MetasploitModule 'HTTP File Extension...
Archive.org Stored Domain URLs
This module pulls and parses the URLs stored by Archive.org for the purpose of replaying during a web assessment, to find unlinked and old pages. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' clas...
Audiotran 1.4.1 (PLS File) Stack Buffer Overflow
This module exploits a stack-based buffer overflow in Audiotran 1.4.1. An attacker must send the file to the victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extension is registered to Audiotran...
AOL 9.5 Phobos.Playlist Import() Stack-based Buffer Overflow
This module exploits a stack-based buffer overflow within Phobos.dll of AOL 9.5. By setting an overly long value to 'Import', an attacker can overrun a buffer and execute arbitrary code. NOTE: This ActiveX control is NOT marked safe for scripting or initialization. This module requires Metasploit...
NTP Monitor List Scanner
This module identifies NTP servers which permit "monlist" queries and obtains the recent clients list. The monlist feature allows remote attackers to cause a denial of service via traffic amplification using spoofed requests. The more clients there are in the list, the greater the amplification. This...
MySQL yaSSL CertDecoder::GetName Buffer Overflow
This module exploits a stack buffer overflow in the yaSSL 1.9.8 and earlier implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetName function inside...
MySQL yaSSL SSL Hello Message Buffer Overflow
This module exploits a stack buffer overflow in the yaSSL 1.7.5 and earlier implementation bundled with MySQL 'MySQL yaSSL SSL Hello Message Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in the yaSSL 1.7.5 and earlier implementation bundled with MySQL 'MC' ,...
DB2 Probe Utility
This module queries a DB2 instance information. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DB2 Probe Utility', 'Description' = 'This module queries a DB2 instance information.', 'Author' =...
HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53. By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute arbitrary code. This specific vulnerability is due to a call to "sprintfnew" in the "isWide" function within "ovalarm.exe". A...
Oracle 10gR2 TNS Listener AUTH_SESSKEY Buffer Overflow
This module exploits a stack buffer overflow in Oracle. When sending a specially crafted packet containing a long AUTH_SESSKEY value to the TNS service, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
FTP Version Scanner
Detect FTP Version. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FTP Version Scanner', 'Description' = 'Detect FTP Version.', 'Author' = 'hdm', 'License' = MSFLICENSE registeroptions...
SSH Version Scanner
Detect SSH Version, and the server encryption This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'recog' require 'net/ssh/transport/session' class MetasploitModule 'SSH Version Scanner', 'Description' = 'Detect S...
Finger Service User Enumerator
Identify valid users through the finger service using a variety of tricks This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Finger Service User Enumerator', 'Description' = 'Identify valid users...
HTTP Version Detection
Display version information about each system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Version Detection', 'Description' = 'Display version information about each system.', 'Author...
MySQL Server Version Enumeration
Enumerates the version of MySQL servers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MySQL Server Version Enumeration', 'Description' = %q Enumerates the version of MySQL servers. , 'Author...
Telnet Service Banner Detection
Detect telnet services This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Telnet Service Banner Detection', 'Description' = 'Detect telnet services', 'Author' = 'hdm', 'License' = MSFLICENSE...
HP OmniInet.exe MSG_PROTOCOL Buffer Overflow
This module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL 0x010b packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP...
BigAnt Server 2.52 USV Buffer Overflow
This exploits a stack buffer overflow in the BigAnt Messaging Service, part of the BigAnt Server product suite. This module was tested successfully against version 2.52. NOTE: The AntServer service does not restart, you only get one shot. This module requires Metasploit:...
NetTransport Download Manager 2.90.510 Buffer Overflow
This exploits a stack buffer overflow in NetTransport Download Manager, part of the NetXfer suite. This module was tested successfully against version 2.90.510. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption
A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine MSDE without the updates supplied in MS09-00...
ARP Sweep Local Network Discovery
Enumerate alive Hosts in local network using ARP requests. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ARP Sweep Local Network Discovery', 'Description' = %q Enumerate alive Hosts in local...
MS06-070 Microsoft Workstation Service NetpManageIPCConnect Overflow
This module exploits a stack buffer overflow in the NetApi32 NetpManageIPCConnect function using the Workstation service in Windows 2000 SP4 and Windows XP SP2. In order to exploit this vulnerability, you must specify the name of a valid Windows DOMAIN. It may be possible to satisfy this conditio...
Single Static Bit
Static value for specific bit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework NOTE: this encoder currently has only been tested using bit 5 set to on. The decoder has been tested with all possible values, but the decode...
Alt-N SecurityGateway username Buffer Overflow
Alt-N SecurityGateway is prone to a buffer overflow condition. This is due to insufficient bounds checking on the "username" parameter. Successful exploitation could result in code execution with SYSTEM level privileges. NOTE: This service doesn't restart, you'll only get one shot. However, it...
SunRPC Portmap Program Enumerator
This module calls the target portmap service and enumerates all program entries and their running port numbers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SunRPC Portmap Program Enumerator...
Media Jukebox 8.0.400 Buffer Overflow (SEH)
This module exploits a stack buffer overflow in Media Jukebox 8.0.400 by creating a specially crafted m3u or pls file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Media Jukebox 8.0.400 Buff...
MySQL Enumeration Module
This module allows for simple enumeration of MySQL Database Server provided proper credentials to connect remotely. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MySQL Enumeration Module',...
NetBIOS Information Discovery
Discover host information through NetBIOS This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetBIOS Information Discovery', 'Description' = 'Discover host information through NetBIOS', 'Author' =...
MySQL SQL Generic Query
This module allows for simple SQL statements to be executed against a MySQL instance given the appropriate credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MySQL SQL Generic Query',...
IBM Tivoli Storage Manager Express RCA Service Buffer Overflow
This module exploits a stack buffer overflow in the IBM Tivoli Storage Manager Express Remote Client Agent service. By sending a "dicuGetIdentify" request packet containing a long NodeName parameter, an attacker can execute arbitrary code. NOTE: this exploit first connects to the CAD service to...
IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
This module exploits a stack buffer overflow in the IBM Tivoli Storage Manager Express CAD Service. By sending a "ping" packet containing a long string, an attacker can execute arbitrary code. NOTE: the dsmcad.exe service must be in a particular state CadWaitingStatus = 1 in order for the...
IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
This module exploits a stack buffer overflow in the IBM Tivoli Storage Manager Express CAD Service 5.3.3. By sending an overly long GET request, it may be possible for an attacker to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
ProShow Gold v4.0.2549 (PSH File) Stack Buffer Overflow
This module exploits a stack-based buffer overflow in ProShow Gold v4.0.2549. An attacker must send the file to the victim and the victim must open the file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Sun Java JRE AWT setDiffICM Buffer Overflow
This module exploits a flaw in the setDiffICM function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The affected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.223 and...
Adobe Doc.media.newPlayer Use After Free Vulnerability
This module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModul...
Adobe FlateDecode Stream Predictor 02 Integer Overflow
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'Adobe...
Sun Java Calendar Deserialization Privilege Escalation
This module exploits a flaw in the deserialization of Calendar objects in the Sun JVM. The payload can be either a native payload which is generated as an executable and dropped/executed on the target or a shell from within the Java applet in the target browser. The affected Java versions are JDK...
HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
This exploit takes advantage of a stack based overflow. Once the stack corruption has occurred it is possible to overwrite a pointer which is later used for a memcpy. This gives us a write anything anywhere condition similar to a format string vulnerability. NOTE: The popsubfolders option is a...
HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow
This module exploits a stack buffer overflow in HP OpenView Network Node Manager versions 7.53 and earlier. Specifically, this vulnerability is caused by a failure to properly handle user supplied input within the HTTP request, including headers and the actual URL GET request. Exploitation is trick...
NCTAudioFile2 v2.x ActiveX Control SetFormatLikeSample() Buffer Overflow
This module exploits a stack buffer overflow in the NCTAudioFile2.Audio ActiveX Control provided by various audio applications. By sending an overly long string to the "SetFormatLikeSample" method, an attacker may be able to execute arbitrary code. This module requires Metasploit:...
Millenium MP3 Studio 2.0 (PLS File) Stack Buffer Overflow
This module exploits a stack-based buffer overflow in Millenium MP3 Studio 2.0. An attacker must send the file to the victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extension is registered to...
Zabbix Agent net.tcp.listen Command Injection
This module exploits a metacharacter injection vulnerability in the FreeBSD and Solaris versions of the Zabbix agent. This flaw can only be exploited if the attacker can hijack the IP address of an authorized server as defined in the configuration file. This module requires Metasploit:...
MS09-020 IIS6 WebDAV Unicode Authentication Bypass
This module attempts to bypass authentication using the WebDAV IIS6 Unicode vulnerability discovered by Kingcope. The vulnerability appears to be exploitable where WebDAV is enabled on the IIS6 server, and any protected folder requires either Basic, Digest or NTLM authentication. This module...
NTP.org ntpd Reserved Mode Denial of Service
This module exploits a denial of service vulnerability within the NTP network time protocol daemon. By sending a single packet to a vulnerable ntpd server Victim A, spoofed from the IP address of another vulnerable ntpd server Victim B, both victims will enter an infinite response loop. Note, unle...
HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Snmp.exe, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...