what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 224 RSS Feed

Files from sinn3r

Email addressx90.sinner at gmail.com
First Active2009-12-13
Last Active2024-09-01
Bitweaver Overlay_type Directory Traversal
Posted Sep 1, 2024
Authored by sinn3r, Jonathan Claudius, David Aaron | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in Bitweaver. When handling the overlay_type parameter, view_overlay.php fails to do any path checking/filtering, which can be abused to read any file outside the virtual directory.

tags | exploit, php
advisories | CVE-2012-5192
SHA-256 | 75260c8739219589832630db597ad076c6fa9dee26583aeb19f2537f54e959f0
Sybase Easerver 6.3 Directory Traversal
Posted Sep 1, 2024
Authored by sinn3r, Sow Ching Shiong | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in Sybase EAservers Jetty webserver on port 8000. Code execution seems unlikely with EAservers default configuration unless the web server allows WRITE permission.

tags | exploit, web, code execution
advisories | CVE-2011-2474
SHA-256 | 7bfd36e1187bbe4aedbbf3cc9f1865de502ad6964a28a52016ac80e17c3bbfa5
Simple Web Server 2.3-RC1 Directory Traversal
Posted Sep 1, 2024
Authored by sinn3r, CwG GeNiuS | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in Simple Web Server 2.3-RC1.

tags | exploit, web
advisories | CVE-2002-1864
SHA-256 | 51715fee223323063efe38cccd63acc54537c25beb376295f1d2c1da1023b617
ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal
Posted Sep 1, 2024
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in ManageEngine DeviceExperts ScheduleResultViewer Servlet. This is done by using "..\..\..\..\..\..\..\..\..\..\" in the path in order to retrieve a file on a vulnerable machine. Please note that the SSL option is required in order to send HTTP requests.

tags | exploit, web
SHA-256 | ead6620e60a1e33962bc1a629b7991560b6ad340faaa6fcdaf3b569e03e10a00
MS15-034 HTTP Protocol Stack Request Handling HTTP.SYS Memory Information Disclosure
Posted Sep 1, 2024
Authored by sinn3r, Rich Whitcroft, Sunny Neo | Site metasploit.com

This Metasploit module dumps memory contents using a crafted Range header and affects only Windows 8.1, Server 2012, and Server 2012R2. Note that if the target is running in VMware Workstation, this module has a high likelihood of resulting in BSOD; however, VMware ESX and non-virtualized hosts seem stable. Using a larger target file should result in more memory being dumped, and SSL seems to produce more data as well.

tags | exploit
systems | windows
advisories | CVE-2015-1635
SHA-256 | 4a0a7232721b04275d17b16891f2475537a84cfaad2597bb4398fc1c09c5c025
NetDecision NOCVision Server Directory Traversal
Posted Sep 1, 2024
Authored by Luigi Auriemma, sinn3r | Site metasploit.com

This Metasploit module exploits a directory traversal bug in NetDecisions TrafficGrapherServer.exe service. This is done by using "...\" in the path to retrieve a file on a vulnerable machine.

tags | exploit
advisories | CVE-2012-1465
SHA-256 | 2db5b43271b02aac5bc92d77bc7a6d556cf2284427702920362c068ef7494e85
ManageEngine SecurityManager Plus 5.5 Directory Traversal
Posted Sep 1, 2024
Authored by sinn3r, blkhtc0rp | Site metasploit.com

This Metasploit module exploits a directory traversal flaw found in ManageEngine SecurityManager Plus 5.5 or less. When handling a file download request, the DownloadServlet class fails to properly check the f parameter, which can be abused to read any file outside the virtual directory.

tags | exploit
SHA-256 | 98b90060e56e53ae955e5807e913d453feb2e176f2c8a1d9bd2e96baeda6e4c2
Wordpress XML-RPC System.multicall Credential Collector
Posted Sep 1, 2024
Authored by William, sinn3r, KINGSABRI | Site metasploit.com

This Metasploit module attempts to find Wordpress credentials by abusing the XMLRPC APIs. Wordpress versions prior to 4.4.1 are suitable for this type of technique. For newer versions, the script will drop the CHUNKSIZE to 1 automatically.

tags | exploit
SHA-256 | 86141a52d8d8035b170f6b501c77432e3aa0ad370de1b670688134dc56bcc34a
Outlook Web App (OWA) Brute Force Utility
Posted Sep 1, 2024
Authored by Andrew Smith, sinn3r, Spencer McIntyre, Brandon Knight, Nate Power, Chapman Schleiss, Pete Arzamendi, Vitor Moreira, SecureState R&D Team | Site metasploit.com

This Metasploit module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers.

tags | exploit
SHA-256 | fe449d1093c827b43ae6705f3fdb503e01d7ff4b5ec59ad4e40f9657a25a142a
GlassFish Brute Force Utility
Posted Sep 1, 2024
Authored by sinn3r, Joshua Abraham | Site metasploit.com

This Metasploit module attempts to login to GlassFish instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also try to do an authentication bypass against older versions of GlassFish. Note: by default, GlassFish 4.0 requires HTTPS, which means you must set the SSL option to true, and SSLVersion to TLS1. It also needs Secure Admin to access the DAS remotely.

tags | exploit, web
advisories | CVE-2011-0807
SHA-256 | 6c7157ec94048d1b65a89eee8917a88c9f200e77ed3ea2eb46eb08e22e74dcae
Symantec Messaging Gateway 9.5 Log File Download
Posted Sep 1, 2024
Authored by Ben Williams, sinn3r | Site metasploit.com

This Metasploit module will download a file of your choice against Symantec Messaging Gateway. This is possible by exploiting a directory traversal vulnerability when handling the logFile parameter, which will load an arbitrary file as an attachment. Note that authentication is required in order to successfully download your file.

tags | exploit, arbitrary
advisories | CVE-2012-4347
SHA-256 | 729ff2b80ca640b077d342b8e5cba0062b263a17f7b346842d74573342e6baaf
Sockso Music Host Server 1.5 Directory Traversal
Posted Sep 1, 2024
Authored by Luigi Auriemma, sinn3r | Site metasploit.com

This Metasploit module exploits a directory traversal bug in Sockso on port 4444. This is done by using "../" in the path to retrieve a file on a vulnerable machine.

tags | exploit
SHA-256 | 8b58c3d3a18b7324e06669702efc26713aaea795ec63f5471cbbb73c604a5e29
ClanSphere 2011.3 Local File Inclusion
Posted Sep 1, 2024
Authored by sinn3r, blkhtc0rp | Site metasploit.com

This Metasploit module exploits a directory traversal flaw found in Clansphere 2011.3. The application fails to handle the cs_lang parameter properly, which can be used to read any file outside the virtual directory.

tags | exploit
SHA-256 | 8c388b0595a2b36d16445e43deb2333fed77b9a4cda530522fc89615a19444ed
Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal
Posted Sep 1, 2024
Authored by Matt, sinn3r | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in Cisco Firepower Management under the context of www user. Authentication is required to exploit this vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-6435
SHA-256 | 0d061939908b4334892c19426e04f252eec077a12d12b54436788e6508658a48
WebPageTest Directory Traversal
Posted Sep 1, 2024
Authored by dun, sinn3r | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in WebPageTest. Due to the way the gettext.php script handles the file parameter, it is possible to read a file outside the www directory.

tags | exploit, php
SHA-256 | c8fc5793bb9641b12b4d2106a06fb4d479a668d64206809ae721e664f0532142
Yaws Web Server Directory Traversal
Posted Sep 1, 2024
Authored by sinn3r | Site metasploit.com

This Metasploit module exploits a directory traversal bug in Yaws v1.9.1 or less. The module can only be used to retrieve files. However, code execution might be possible. Because when the malicious user sends a PUT request, a file is actually created, except no content is written.

tags | exploit, code execution
advisories | CVE-2011-4350
SHA-256 | 100096ddc3f68245671d7c79a3e9817a588a3133d7f03303b89fad43146b34e0
S40 0.4.2 CMS Directory Traversal
Posted Sep 1, 2024
Authored by Osirys, sinn3r | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in S40 CMS. The flaw is due to the page function not properly handling the $pid parameter, which allows a malicious user to load an arbitrary file path.

tags | exploit, arbitrary
SHA-256 | d6720a2fda7d3817e8ed89f2d465217c66c920fe74798458a08c6ec8b7c48925
Samba _netr_ServerPasswordSet Uninitialized Credential State
Posted Sep 1, 2024
Authored by sinn3r, sleepya, Richard van Eeden | Site metasploit.com

This Metasploit module checks if a Samba target is vulnerable to an uninitialized variable creds vulnerability.

tags | exploit
advisories | CVE-2015-0240
SHA-256 | 681efe7fe7ea30e7014e98779385ad637775f0fc6af8ac07bd254b36e8b70529
IpSwitch WhatsUp Gold TFTP Directory Traversal
Posted Aug 31, 2024
Authored by sinn3r, juan vazquez, Prabhu S Angadi | Site metasploit.com

This Metasploit modules exploits a directory traversal vulnerability in IpSwitch WhatsUp Golds TFTP service.

tags | exploit
advisories | CVE-2011-4722
SHA-256 | f52a92979e0cd2467ac4d0bd611f2176dc90cd4fd1fa2d4a2be6f245808683ef
VMWare Update Manager 4 Directory Traversal
Posted Aug 31, 2024
Authored by Alexey Sintsov, sinn3r | Site metasploit.com

This Metasploit modules exploits a directory traversal vulnerability in VMWare Update Manager on port 9084. Versions affected by this vulnerability: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4 Update 4.

tags | exploit
advisories | CVE-2011-4404
SHA-256 | 141792b0109b73b145e21b04ca6c1e0cd9cb9dfc495904452e3a23caf4459da8
HP Data Protector 6.1 EXEC_CMD Command Execution
Posted Aug 31, 2024
Authored by Wireghoul, sinn3r, ch0ks, c4an | Site metasploit.com

This Metasploit module exploits HP Data Protectors omniinet process, specifically against a Windows setup. When an EXEC_CMD packet is sent, omniinet.exe will attempt to look for that user-supplied filename with kernel32!FindFirstFileW(). If the file is found, the process will then go ahead execute it with CreateProcess() under a new thread. If the filename isnt found, FindFirstFileW() will throw an error (0x03), and then bails early without triggering CreateProcess(). Because of these behaviors, if you try to supply an argument, FindFirstFileW() will look at that as part of the filename, and then bail. Please note that when you specify the CMD option, the base path begins under C:\.

tags | exploit
systems | windows
advisories | CVE-2011-0923
SHA-256 | d60f9ecfdd7e75b911a02d2e3e9f7e6e28eb00b4db11022e93bc1c7e16bb9722
Novell EDirectory EMBox Unauthenticated File Access
Posted Aug 31, 2024
Authored by Nicob, MC, sinn3r | Site metasploit.com

This Metasploit module will access Novell eDirectorys eMBox service and can run the following actions via the SOAP interface: GET_DN, READ_LOGS, LIST_SERVICES, STOP_SERVICE, START_SERVICE, SET_LOGFILE.

tags | exploit
advisories | CVE-2008-0926
SHA-256 | 6f3159d4e22911966229228c779f6b480d4899bc7ad4b88645ca6777cfbc71f7
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
Posted Aug 31, 2024
Authored by Soroush Dalili, sinn3r | Site metasploit.com

This Metasploit module bypasses basic authentication for Internet Information Services (IIS). By appending the NTFS stream name to the directory name in a request, it is possible to bypass authentication.

tags | exploit
advisories | CVE-2010-2731
SHA-256 | 81c7985df2aff0d30d1f7d3ade0d49b345a4a07669ede4729c9660062ed8657d
Plixer Scrutinizer NetFlow And SFlow Analyzer HTTP Authentication Bypass
Posted Aug 31, 2024
Authored by MC, sinn3r, Jonathan Claudius, Tanya Secker | Site metasploit.com

This will add an administrative account to Scrutinizer NetFlow and sFlow Analyzer without any authentication. Versions such as 9.0.1 or older are affected.

tags | exploit
advisories | CVE-2012-2626
SHA-256 | 49a2f85914fe62a59a5b35436be0129aeb6f0625b2437d7ef4016b0001eb50ea
Apple TV Video Remote Control
Posted Aug 31, 2024
Authored by sinn3r, 0a29406d9794e4f9b30b3c5d6702c708 | Site metasploit.com

This Metasploit module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Rubys WEBrick. For WEBrick, the default MIME list may need to be updated, depending on what media file is to be played. Python SimpleHTTPServer is not recommended. Also, if youre playing a video, the URL must be an IP address. Some AppleTV devices are actually password-protected; in that case please set the PASSWORD datastore option. For password brute forcing, please see the module auxiliary/scanner/http/appletv_login.

tags | exploit, web, python, ruby
SHA-256 | 98d9e586a534095e5d0b6f478a9570f6bcf61c7030ee08f41c68fcaf77e0442b
Page 1 of 9
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close