exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 254 RSS Feed

Files from H D Moore

Email addresshdm at metasploit.com
First Active1999-08-17
Last Active2024-09-01
Juniper SSH Backdoor Scanner
Posted Sep 1, 2024
Authored by H D Moore, h00die | Site metasploit.com

This Metasploit module scans for the Juniper SSH backdoor (also valid on Telnet). Any username is required, and the password is <<< %s(un=%s) = %u.

tags | exploit
systems | juniper
advisories | CVE-2015-7755
SHA-256 | 9063c59689446fe07bb9610922c2bca3f2bd26ac97f441441018bc99fbe63a81
Ray Sharp DVR Password Retriever
Posted Sep 1, 2024
Authored by H D Moore, someluser | Site metasploit.com

This Metasploit module takes advantage of a protocol design issue with the Ray Sharp based DVR systems. It is possible to retrieve the username and password through the TCP service running on port 9000. Other brands using this platform and exposing the same issue may include Swann, Lorex, Night Owl, Zmodo, URMET, and KGuard Security.

tags | exploit, tcp, protocol
SHA-256 | 8805abb547ee0c40d40a8ab15abce346a4a37b8f5ae7b7a9eeac09aa9f1a2cf4
Supermicro Onboard IPMI Port 49152 Sensitive File Exposure
Posted Sep 1, 2024
Authored by H D Moore, Dan Farmer, John Matherly, Zach Wikholm | Site metasploit.com

This Metasploit module abuses a file exposure vulnerability accessible through the web interface on port 49152 of Supermicro Onboard IPMI controllers. The vulnerability allows an attacker to obtain detailed device information and download data files containing the clear-text usernames and passwords for the controller. In May of 2014, at least 30,000 unique IPs were exposed to the internet with this vulnerability.

tags | exploit, web
SHA-256 | 1ca6be3bd1442f15e9c436c21eb3f55a0d2466eb4cc5defa624000e1a17d568b
Ruby On Rails JSON Processor YAML Deserialization Scanner
Posted Sep 1, 2024
Authored by H D Moore, jjarmoc | Site metasploit.com

This Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the JSON request processor.

tags | exploit, arbitrary, ruby
advisories | CVE-2013-0333
SHA-256 | 170aaef589710c91521601000cb3b478c0e13d9f21b9c95db63d18f83815c46d
Supermicro Onboard IPMI CGI Scanner
Posted Sep 1, 2024
Authored by H D Moore, juan vazquez | Site metasploit.com

This Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.

tags | exploit, overflow, cgi, vulnerability
advisories | CVE-2013-3621, CVE-2013-3623
SHA-256 | 25146ab0a527b2c20a4d174368a8756c57f0f973644733c599eb8239270f30b0
Chef Web UI Brute Force Utility
Posted Sep 1, 2024
Authored by H D Moore | Site metasploit.com

This Metasploit module attempts to login to Chef Web UI server instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also test for the default login (admin:p@ssw0rd1).

tags | exploit, web
SHA-256 | a8b7ab4052d313ccc873b8bd18d89edbeb3d80da21d867193b4a96625924ef5d
Intel AMT Digest Authentication Bypass Scanner
Posted Sep 1, 2024
Authored by H D Moore | Site metasploit.com

This Metasploit module scans for Intel Active Management Technology endpoints and attempts to bypass authentication using a blank HTTP digest (CVE-2017-5689). This service can be found on ports 16992, 16993 (tls), 623, and 624 (tls).

tags | exploit, web
advisories | CVE-2017-5689
SHA-256 | 44deb16ec4e916e220f9f8b37748314f598bae3f65a5268506e4e9c1f53d9a36
Cisco IOS HTTP Unauthorized Administrative Access
Posted Sep 1, 2024
Authored by H D Moore, aushack | Site metasploit.com

This Metasploit module exploits a vulnerability in the Cisco IOS HTTP Server. By sending a GET request for "/level/num/exec/..", where num is between 16 and 99, it is possible to bypass authentication and obtain full system control. IOS 11.3 -> 12.2 are reportedly vulnerable. This Metasploit module tested successfully against a Cisco 1600 Router IOS v11.3(11d).

tags | exploit, web
systems | cisco, ios
advisories | CVE-2001-0537
SHA-256 | f47c8e7887760a5e15e7ecfe81baff6ced2ddb34267bcb19aff00e68bad4084e
Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
Posted Sep 1, 2024
Authored by H D Moore, juan vazquez | Site metasploit.com

This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker with a valid, but not necessarily administrator-level account, to access the contents of any file on the system. This includes the /nv/PSBlock file, which contains the cleartext credentials for all configured accounts. This Metasploit module has been tested on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214. Other file names to try include /PSStore, /PMConfig.dat, and /wsman/simple_auth.passwd.

tags | exploit, web, cgi
SHA-256 | 2a895b9a6c562c00a389ca6061ee3c5d3935d00911eac01555699f44b7a15397
Zabbix Server Brute Force Utility
Posted Sep 1, 2024
Authored by H D Moore | Site metasploit.com

This Metasploit module attempts to login to Zabbix server instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also test for the Zabbix default login (Admin:zabbix) and guest access.

tags | exploit
SHA-256 | 8ec80a1f70694342132af590c1ad84e293056f1130c804c7df66507954472b12
Ruby On Rails XML Processor YAML Deserialization Scanner
Posted Sep 1, 2024
Authored by H D Moore, jjarmoc | Site metasploit.com

This Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the XML request processor.

tags | exploit, arbitrary, ruby
advisories | CVE-2013-0156
SHA-256 | f0ae12d1945cad391cd044fe41f2338c6b4c2ee245f8e083731f15e17c72fce3
Supermicro Onboard IPMI Static SSL Certificate Scanner
Posted Sep 1, 2024
Authored by H D Moore, Juan J. Fernandez Lopez | Site metasploit.com

This Metasploit module checks for a static SSL certificate shipped with Supermicro Onboard IPMI controllers. An attacker with access to the publicly-available firmware can perform man-in-the-middle attacks and offline decryption of communication to the controller. This Metasploit module has been on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214.

tags | exploit
advisories | CVE-2013-3619
SHA-256 | 053f49c7ce9d06183e2e95c537afe1b4294edda2d9cae4f58f2050c589d89f5b
IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval
Posted Sep 1, 2024
Authored by H D Moore, Dan Farmer | Site metasploit.com

This Metasploit module identifies IPMI 2.0-compatible systems and attempts to retrieve the HMAC-SHA1 password hashes of default usernames. The hashes can be stored in a file using the OUTPUT_FILE option and then cracked using hmac_sha1_crack.rb in the tools subdirectory as well hashcat (cpu) 0.46 or newer using type 7300.

tags | exploit
advisories | CVE-2013-4786
SHA-256 | 8500cf1712e679811989409a7d9e020413fe28dd6b3f573d4069a4bbbf87d3d6
IPMI 2.0 Cipher Zero Authentication Bypass Scanner
Posted Sep 1, 2024
Authored by H D Moore, Dan Farmer | Site metasploit.com

This Metasploit module identifies IPMI 2.0-compatible systems that are vulnerable to an authentication bypass vulnerability through the use of cipher zero.

tags | exploit, bypass
advisories | CVE-2013-4782
SHA-256 | 26e9ad81107fc09e95e82be07f34c04f0ca67ba5b75765817108fcc2774346df
SMB SID User Enumeration
Posted Sep 1, 2024
Authored by H D Moore | Site metasploit.com

Determine what users exist via brute force SID lookups. This Metasploit module can enumerate both local and domain accounts by setting ACTION to either LOCAL or DOMAIN.

tags | exploit, local
SHA-256 | 77cbfc30e62e0670d70f18ccb46be372903ba2631287e724023b2cf89f37795a
NTP Monitor List Scanner
Posted Aug 31, 2024
Authored by H D Moore | Site metasploit.com

This Metasploit module identifies NTP servers which permit "monlist" queries and obtains the recent clients list. The monlist feature allows remote attackers to cause a denial of service (traffic amplification) via spoofed requests. The more clients there are in the list, the greater the amplification.

tags | exploit, remote, denial of service, spoof
advisories | CVE-2013-5211
SHA-256 | a5bd2be6d6639dad2ac8a8c5aadde7826dba8b96423872299961fe6135ef827c
Telnet Service Encryption Key ID Overflow Detection
Posted Aug 31, 2024
Authored by H D Moore, Jaime Penalba | Site metasploit.com

Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd).

tags | exploit, overflow
systems | bsd
advisories | CVE-2011-4862
SHA-256 | 801a2a0bc2125f7e99eba56579ca138bcbadf4fa4fc437391f1bcb094a53e493
SNMP Community Login Scanner
Posted Aug 31, 2024
Authored by H D Moore | Site metasploit.com

This Metasploit module logs in to SNMP devices using common community names.

tags | exploit
advisories | CVE-1999-0508, CVE-1999-0516, CVE-1999-0517
SHA-256 | c3b32da7b3f73a2695ea0071176d4548e0e31cb363a8d8f25ea7e5071d7511bf
Veritas Backup Exec Windows Remote File Access
Posted Aug 31, 2024
Authored by H D Moore, temp66 | Site metasploit.com

This Metasploit module abuses a logic flaw in the Backup Exec Windows Agent to download arbitrary files from the system. This flaw was found by someone who wishes to remain anonymous and affects all known versions of the Backup Exec Windows Agent. The output file is in MTF format, which can be extracted by the NTKBUp program listed in the references section. To transfer an entire directory, specify a path that includes a trailing backslash.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2005-2611
SHA-256 | 226940d66a9c4cacaf0a73b81c75fdaea375765b84cbee186b391bbf5c6295da
NetBIOS Response Brute Force Spoof
Posted Aug 31, 2024
Authored by H D Moore, TombKeeper, vvalien | Site metasploit.com

This Metasploit module continuously spams NetBIOS responses to a target for given hostname, causing the target to cache a malicious address for this name. On high-speed local networks, the PPSRATE value should be increased to speed up this attack. As an example, a value of around 30,000 is almost 100% successful when spoofing a response for a WPAD lookup. Distant targets may require more time and lower rates for a successful attack.

tags | exploit, local, spoof
SHA-256 | 4c46a17b6b28a0831bd545f008514748b910a2c34d2ae38a4055e1330ff321bc
Novell EDirectory DHOST Predictable Session Cookie
Posted Aug 31, 2024
Authored by H D Moore | Site metasploit.com

This Metasploit module is able to predict the next session cookie value issued by the DHOST web service of Novell eDirectory 8.8.5. An attacker can run this module, wait until the real administrator logs in, then specify the predicted cookie value to hijack their session.

tags | exploit, web
advisories | CVE-2009-4655
SHA-256 | 28766d01f38ae419f2e9cd76f297d8ac56df2a94fb287f8aae22c02263aa6efa
Samba Symlink Directory Traversal
Posted Aug 31, 2024
Authored by H D Moore, Kingcope | Site metasploit.com

This Metasploit module exploits a directory traversal flaw in the Samba CIFS server. To exploit this flaw, a writeable share must be specified. The newly created directory will link to the root filesystem.

tags | exploit, root
advisories | CVE-2010-0926
SHA-256 | da49454c5f849f765142c42e065734b0088421d4e93444a769a657b11fdb04af
NetBIOS Response BadTunnel Brute Force Spoof (NAT Tunnel)
Posted Aug 31, 2024
Authored by H D Moore, TombKeeper, vvalien | Site metasploit.com

This Metasploit module listens for a NetBIOS name request and then continuously spams NetBIOS responses to a target for given hostname, causing the target to cache a malicious address for this name. On high-speed networks, the PPSRATE value should be increased to speed up this attack. As an example, a value of around 30,000 is almost 100% successful when spoofing a response for a WPAD lookup. Distant targets may require more time and lower rates for a successful attack. This Metasploit module works when the target is behind a NAT gateway, since the stream of NetBIOS responses will keep the NAT mapping alive after the initial setup. To trigger the initial NetBIOS request to the Metasploit system, force the target to access a UNC link pointing to the same address (HTML, Office attachment, etc). This NAT-piercing issue was named the BadTunnel vulnerability by the discoverer, Yu Yang (@tombkeeper). The Microsoft patches (MS16-063/MS16-077) impact the way that the proxy host (WPAD) host is identified, but do change the predictability of NetBIOS requests.

tags | exploit, spoof
advisories | CVE-2016-3213, CVE-2016-3236
SHA-256 | d5dfa1bfa123e24ddb241e14436bdef941a832ae76b1f53bde9a4e4f19a2bd81
OpenSSL Heartbeat (Heartbleed) Client Memory Exposure
Posted Aug 31, 2024
Authored by H D Moore, Neel Mehta, Matti, Riku, Antti | Site metasploit.com

This Metasploit module provides a fake SSL service that is intended to leak memory from client systems as they connect. This Metasploit module is hardcoded for using the AES-128-CBC-SHA1 cipher.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | 67d783fbcd4cde982f17f891681bce4e4ca4da2877dd80a91e898f0fdbf606ee
Fake DNS Service
Posted Aug 31, 2024
Authored by H D Moore, Dino A. Dai Zovi, fozavci | Site metasploit.com

This Metasploit module provides a DNS service that redirects all queries to a particular address.

tags | exploit
SHA-256 | 55a9c056ffd07d907378c0f767c8e83a9e26c6deeee3d9f5089ae2c8cdbf1041
Page 1 of 11
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close