Showing 101 - 125 of 254

Files from H D Moore

Email address: hdm at metasploit.com
First Active: 1999-08-17
Last Active: 2024-09-01
CA BrightStor Discovery Service TCP Overflow
Posted Nov 26, 2009
Authored by H D Moore, patrick | Site metasploit.com

This Metasploit module exploits a vulnerability in the CA BrightStor Discovery Service. This vulnerability occurs when a specific type of request is sent to the TCP listener on port 41523. This vulnerability was discovered by cybertronic@gmx.net and affects all known versions of the BrightStor product. This Metasploit module is based on the 'cabrightstor_disco' exploit by Thor Doomen.

tags | exploit, tcp
advisories | CVE-2005-2535
SHA-256 | 532219f28d50db309980d4c39dfa18dcf976499ccb5c9736a81297f410a80362
CA BrightStor Discovery Service Overflow
Posted Nov 26, 2009
Authored by H D Moore, patrick | Site metasploit.com

This Metasploit module exploits a vulnerability in the CA BrightStor Discovery Service. This vulnerability occurs when a large request is sent to UDP port 41524, triggering a stack overflow.

tags | exploit, overflow, udp
advisories | CVE-2005-0260
SHA-256 | cc02dcad9531e32e7473a4a7fa98929736e506792b9a193707c55a2b424bc463
Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This is an exploit for the chunked encoding buffer overflow described in MS03-051 and originally reported by Brett Moore. This particular module works against versions of Windows 2000 between SP0 and SP3. Service Pack 4 fixes the issue.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0822
SHA-256 | 87fab5b32fdb6232a2161630eb76486145af6d237e5b23d3b403788baa5d0747
IA WebMail 3.x Buffer Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This exploits a stack overflow in the IA WebMail server. This exploit has not been tested against a live system at this time.

tags | exploit, overflow
advisories | CVE-2003-1192
SHA-256 | 1de7b76da90e3919943547d5532332cd36c98258b6de77f1e7d308ad54951310
Internet Explorer isComponentInstalled Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in Internet Explorer. This bug was patched in Windows 2000 SP4 and Windows XP SP1 according to MSRC.

tags | exploit, overflow
systems | windows
advisories | CVE-2006-1016
SHA-256 | 5033e002a24ff1bb12912fdbd65bf54856f11e553edfa19caf2a0a3e7345e52d
Microsoft Internet Explorer Data Binding Memory Corruption
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a vulnerability in the data binding feature of Internet Explorer. In order to execute code reliably, this module uses the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. This method is used to create a fake vtable at a known location with all methods pointing to our payload. Since the .text segment of the .NET DLL is non-writable, a prefixed code stub is used to copy the payload into a new memory segment and continue execution from there.

tags | exploit
advisories | CVE-2008-4844
SHA-256 | 53c60ed102e30232619000346bbfebeb96526a4e990b06ce6a59725cc16ec53f
IMail LDAP Service Buffer Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This exploits a buffer overflow in the LDAP service that is part of the IMail product. This Metasploit module was tested against version 7.10 and 8.5, both running on Windows 2000.

tags | exploit, overflow
systems | windows
advisories | CVE-2004-0297
SHA-256 | b4f794bccff29a6eb0d734b29a0e9d29ea74b7a89d2253dece12524d1517c0df
Lyris ListManager MSDE Weak sa Password
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a weak password vulnerability in the Lyris ListManager MSDE install. During installation, the 'sa' account password is set to 'lminstall'. Once the install completes, it is set to 'lyris' followed by the process ID of the installer. This Metasploit module brute forces all possible process IDs that would be used by the installer.

tags | exploit
advisories | CVE-2005-4145
SHA-256 | 3e9967373a96f54cda01aebbcdc36aa78a953ebe39d847c90b4f728e4986cdd3
MaxDB WebDBM GET Buffer Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in the MaxDB WebDBM service. This service is included with many recent versions of the MaxDB and SAPDB products. This particular module is capable of exploiting Windows systems through the use of an SEH frame overwrite. The offset to the SEH frame may change depending on where MaxDB has been installed; this module assumes a web root path with the same length as: C:\Program Files\sdb\programs\web\Documents

tags | exploit, web, overflow, root
systems | windows
advisories | CVE-2005-0684
SHA-256 | ddfaa8c6118e77caf9e117e63cda2d90418cbdc78f05a4580f53a23a6e6acf0d
McAfee ePolicy Orchestrator / ProtectionPilot Overflow
Posted Nov 26, 2009
Authored by H D Moore, patrick, muts, xbxice | Site metasploit.com

This is an exploit for the McAfee HTTP Server (NAISERV.exe). McAfee ePolicy Orchestrator 2.5.1 <= 3.5.0 and ProtectionPilot 1.1.0 are known to be vulnerable. By sending a large 'Source' header, the stack can be overwritten. This Metasploit module is based on the exploit by xbxice and muts. Due to size constraints, this module uses the Egghunter technique. You may wish to adjust WfsDelay appropriately.

tags | exploit, web
advisories | CVE-2006-5156
SHA-256 | 4e64f2bde60479894b56b37f3ca9106dbfee008011c45a3a524a30225b19046b
Microsoft IIS FTP Server NLST Response Overflow
Posted Nov 26, 2009
Authored by H D Moore, Kingcope | Site metasploit.com

This Metasploit module exploits a stack overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).

tags | exploit, overflow
SHA-256 | c094b78d6e147658a438663b48e4c7ba9f181fadc79f720b680f049d27cc2bbb
Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This exploits a buffer overflow in NTDLL.dll on Windows 2000 through the SEARCH WebDAV method in IIS. This particular module only works against Windows 2000. It should have a reasonable chance of success against any service pack.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0109
SHA-256 | 4caf806bf3d6f77c4656950f84e53b18fa51e99928ad15a38f88eb4cb5dc4dad
Microsoft RPC DCOM Interface Overflow
Posted Nov 26, 2009
Authored by H D Moore, spoonm, cazz | Site metasploit.com

This Metasploit module exploits a stack overflow in the RPCSS service. This vulnerability was originally found by the Last Stage of Delirium research group and has been widely exploited ever since. This Metasploit module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0352
SHA-256 | 6b1062b85247570ddb5362e034cb6be3d1be2f14dd236970e3ab1f279909588d
Microsoft Workstation Service NetAddAlternateComputerName Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in the NetApi32 NetAddAlternateComputerName function using the Workstation service in Windows XP.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0812
SHA-256 | 3a957a76c70de4e6ae21065e66dd7dbc255dc940f602d8dab44cb00038144a0a
Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in the LSASS service. This vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need to run this module twice. DCERPC request fragmentation can be performed by setting the 'FragSize' parameter.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0533
SHA-256 | d1baeef5ba6b111771fa5d96efb4b64cd26d7afcd05bc41178efc9a7b7a52d22
Microsoft Private Communications Transport Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a buffer overflow in the Microsoft Windows SSL PCT protocol stack. This code is based on Johnny Cyberpunk's THC release and has been tested against Windows 2000 and Windows XP. To use this module, specify the remote port of any SSL service, or the port and protocol of an application that uses SSL. The only application protocol supported at this time is SMTP. You only have one chance to select the correct target; if you are attacking IIS, you may want to try one of the other exploits first (WebDAV). If WebDAV does not work, this more than likely means that this is either Windows 2000 SP4+ or Windows XP (IIS 5.0 vs IIS 5.1). Using the wrong target may not result in an immediate crash of the remote system.

tags | exploit, remote, overflow, protocol
systems | windows
advisories | CVE-2003-0719
SHA-256 | ac057a3cda069d28dca0c494d2f34be73d1c4eeab49fc99c9b71b71226f4849e
Microsoft WINS Service Memory Overwrite
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits an arbitrary memory write flaw in the WINS service. This exploit has been tested against Windows 2000 only.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2004-1080
SHA-256 | 85c23ae114221016947e1a2b1f0f56ddc35e424cb22d9bdbcb13848d698e7ea0
Microsoft Message Queueing Service Path Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in the RPC interface to the Microsoft Message Queueing service. The offset to the return address changes based on the length of the system hostname, so this must be provided via the 'HNAME' option. Much thanks to snort.org and Jean-Baptiste Marchand's excellent MSRPC website.

tags | exploit, overflow
advisories | CVE-2005-0059
SHA-256 | 9ce703ad5c9bd75fcfef87c8bac1ae3c1fd17fdecd81546f34e40245d7b2d7cd
Microsoft Plug and Play Service Overflow
Posted Nov 26, 2009
Authored by H D Moore, cazz | Site metasploit.com

This Metasploit module exploits a stack overflow in the Windows Plug and Play service. This vulnerability can be exploited on Windows 2000 without a valid user account. Since the PnP service runs inside the service.exe process, a failed exploit attempt will cause the system to automatically reboot.

tags | exploit, overflow
systems | windows
advisories | CVE-2005-1983
SHA-256 | 2d54b358ebb862c805c0f268e705e13f7bd6770f841069a133a28f5e460b2a4a
Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
Posted Nov 26, 2009
Authored by H D Moore, san, O600KO78RUS | Site metasploit.com

This Metasploit module exploits a vulnerability in the GDI library included with Windows XP and 2003. This vulnerability uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This Metasploit module generates a random WMF record stream for each request.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2005-4560
SHA-256 | 86db9cc6a7d38fd5ac3353ce911cfa4cb32c5b51f03725a5e001c941eb2b3e42
Internet Explorer createTextRange() Code Execution
Posted Nov 26, 2009
Authored by H D Moore, Darkeagle, justfriends4n0w, Faithless | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer. Both IE6 and IE7 (Beta 2) are vulnerable. It will corrupt memory in a way which, under certain circumstances, can lead to an invalid/corrupt table pointer dereference. EIP will point to a very remote, non-existent memory location. This Metasploit module is the result of merging three different exploit submissions and has only been reliably tested against Windows XP SP2. This vulnerability was independently discovered by multiple parties. The heap spray method used by this exploit was pioneered by Skylined.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2006-1359
SHA-256 | cc7d3a0a5a7e5685948a23de177b0b8648ee1b05bb7f812884db09692b243c0f
Microsoft RRAS Service RASMAN Registry Overflow
Posted Nov 26, 2009
Authored by H D Moore, Pusscat | Site metasploit.com

This Metasploit module exploits a registry-based stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password are required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'. Exploiting this flaw involves two distinct steps - creating the registry key and then triggering an overwrite based on a read of this key. Once the key is created, it cannot be recreated. This means that for any given system, you only get one chance to exploit this flaw. Picking the wrong target will require a manual removal of the following registry key before you can try again: HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Phonebook

tags | exploit, remote, overflow, registry
systems | windows
advisories | CVE-2006-2370
SHA-256 | 23ee569235c3874d89c2c84da0e57b5ca0d9fd9d118297399485cee1eebf336b
Microsoft RRAS Service Overflow
Posted Nov 26, 2009
Authored by H D Moore, Nicolas Pouvesle | Site metasploit.com

This Metasploit module exploits a stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password are required to exploit this flaw on Windows 2000.

tags | exploit, remote, overflow
systems | windows
advisories | CVE-2006-2370
SHA-256 | 47054366204902bd94eaba8eae3d382f1284a1330486cc63fc5b83ed691498df
Microsoft Server Service NetpwPathCanonicalize Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in the NetApi32 CanonicalizePathName() function using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that other RPC calls could be used to exploit this service. This exploit will result in a denial of service on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt will likely result in a complete reboot on Windows 2000 and the termination of all SMB-related services on Windows XP. The default target for this exploit should succeed on Windows NT 4.0, Windows 2000 SP0-SP4+, Windows XP SP0-SP1 and Windows 2003 SP0.

tags | exploit, denial of service, overflow
systems | windows
advisories | CVE-2006-3439
SHA-256 | f304ff367f431dfac7b97723e8ececdc2561af58e238d7424a938dd58f43af92
Internet Explorer VML Fill Method Code Execution
Posted Nov 26, 2009
Authored by H D Moore, Aviv Raff, Trirat Puttaraksa, Mr.Niega, M. Shirk | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code (VGX.dll). This Metasploit module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.

tags | exploit, overflow, code execution
systems | windows
advisories | CVE-2006-4868
SHA-256 | dc3cd815cea490d0b9d3e5420cb08f039d38532b17c625f368c3079ec2fe492d
Page 5 of 11

packet storm

© 2024 Packet Storm. All rights reserved.
