April 6, 2020

Title: SSHtranger Things
Author: Mark E. Haase mhaase@hyperiongray.com
Homepage: https://www.hyperiongray.com
Date: 2019-01-17
CVE: CVE-2019-6111, CVE-2019-6110
Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1

We have nicknamed this “SSHtranger Things” because the bug is so old it could be exploited by an 8-bit Demogorgon. Tested on Python 3.6.7 and requires paramiko package. The server […]


################################
# Exploit Title: KPOT Botnet – File Download/Source Code Disclosure Vulnerability
# Google Dork: n/a
# Date: 26/11/2018
# Exploit Author: n4pst3r
# Vendor Homepage: unkn0wn
# Software Link: https://bhf.io/threads/515432/
# Version: unkn0wn
# Tested on: Windows 10, debian 7
# CVE : n/a
################################
# Vuln-Code: download.php
################################
PoC:


This module exploits an unauthenticated command execution vulnerability in Apache Spark running in standalone cluster mode, through the REST API. It uses the function CreateSubmissionRequest to submit a malicious Java class and trigger it.


Title: Dell OpenManage Network Manager Multiple Vulnerabilities
Advisory ID: KL-001-2018-009
Publication Date: 2018.11.05
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-009.txt

1. Vulnerability Details

Affected Vendor: Dell
Affected Product: OpenManage Network Manager
Affected Version: 6.2.0.51 SP3
Platform: Embedded Linux
CWE Classification: CWE-285: Improper Authorization, CWE-284: Improper Access Control
Impact: Privilege Escalation
Attack vector: MySQL, HTTP
CVE ID: CVE-2018-15767, CVE-2018-15768

2. […]


# Exploit Title: OOP CMS BLOG 1.0 – ‘search’ SQL Injection
# Dork: N/A
# Date: 2018-11-06
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://zsoft.com.bd/
# Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blog_fo_rup.zip
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# POC:
# 1)
# http://localhost/[PATH]/search.php?search=[SQL]
# POC:
# 2)
# http://localhost/[PATH]/page.php?pageid=[SQL]
[…]


# Exploit Title: Mongo Web Admin 6.0 – Information Disclosure
# Dork: N/A
# Date: 2018-11-04
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://www.mongoadmin.org/
# Software Link: https://netix.dl.sourceforge.net/project/mongo-web-admin/mongoDesktopAdminSetup-beta-6.exe
# Version: 6.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# POC:
# 1)
# Status/Protocol/Local host/Local port/Remote host/Remote port/PID/Process name
# Established/TCP/127.0.0.1/6376/127.0.0.1/6393/4520/mongoDesktopAdmin
[…]


# Exploit Title: Apache OFBiz 16.11.04 – XML External Entity Injection
# Date: 2018-10-15
# Exploit Author: Jamie Parfet
# Vendor Homepage: https://ofbiz.apache.org/
# Software Link: https://archive.apache.org/dist/ofbiz/
# Version: < 16.11.04
# Tested on: Ubuntu 18.04.1
# CVE: N/A


# Exploit Title: Windows 10 UAC Bypass by computerDefault
# Date: 2018-10-18
# Exploit Author: Fabien DROMAS – Security consultant @ Synetis
# Twitter: st0rnpentest
#
# Vendor Homepage: www.microsoft.com
# Version: Version 10.0.17134.285
# Tested on: Windows 10 pro Version 10.0.17134.285


libSSH – Authentication Bypass


# Exploit Title: Time and Expense Management System 3.0 – Cross-Site Request Forgery (Add Admin)
# Dork: N/A
# Date: 2018-10-17
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://www.initechs.com/
# Software Link: http://sourceforge.net/projects/tems/files/latest
# Version: 3.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# Description
# Normal member has all rights.
[…]
