This exploit is based on the OLE Remote Code Execution vulnerability identified as MS14-060 (CVE-2014-4114). It creates a blank PowerPoint show (.ppsx) file to exploit the vulnerability. The script also creates the INF file and, with the -m switch, an optional Meterpreter reverse_tcp executable. Alternatively, you can host your own executable payload. Host the INF and the GIF (EXE) in an SMB share called 'share'.
The SR101 routers supplied by Sky Broadband are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker. The WPA-PSK passphrase has the following features: random, A to Z uppercase only, 8 characters long, 208,827,064,576 possible combinations (AAAAAAAA to ZZZZZZZZ), i.e. 26^8. We notified Sky Broadband about the problem in January 2014, yet Sky Broadband are still supplying customers with routers / modems that use this weak algorithm. We purchased a used rig in December 2013, comprising: Windows 7, i3 processor, 4GB RAM, 2TB drive, Radeon HD 5850. We generated 26 dictionary files using 'mask processor' by ATOM, piping each letter out to its own file. Using our Radeon HD 5850 on standard settings, we were hitting 80,000 keys per second. Breakdown: 26^8 = 208,827,064,576 (208 billion possible combinations); 26^8 / 80,000 keys per second = 2,610,338 seconds; 2,610,338 / 60 seconds = 43,505 minutes; 43,505 / 60 minutes = 725 hours; 725 hours / 24 hours = 30 days.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick a logged-in administrator into visiting a specially crafted webpage and change the administrator's password or execute arbitrary system commands on the vulnerable system with the privileges of the web server.
A remote attacker can exploit this vulnerability by sending a specially crafted packet to the vulnerable application. The packet contains a malicious payload that will overwrite the stack buffer and execute arbitrary code. The attacker can then gain full control of the vulnerable system.
This exploit takes advantage of a buffer overflow vulnerability in Publish-It 3.6d. By opening a specially crafted .pui file with the 'Automatic Preview' option enabled, an attacker can trigger a stack-based buffer overflow, potentially allowing for remote code execution. The exploit is in the form of a .pui file named 'motiv.pui'.
Two SQL injection vulnerabilities in AuraCMS allow remote authenticated attackers to execute arbitrary SQL commands in the application's database. The first vulnerability (CVE-2014-1401) is due to insufficient validation of the 'search' parameter in the '/index.php' script. The second vulnerability is due to insufficient validation of certain HTTP headers in the '/index.php' script.
This module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower. It will leverage an unauthenticated command injection in the Anyterm service on port 8023. Commands are executed as the user 'pandora'. In Pandora FMS 4.1 and 5.0RC1 the user 'artica' is not assigned a password by default, which makes it possible to su to this user from the 'pandora' user. The 'artica' user has access to sudo without a password, which makes it possible to escalate privileges to root. However, Pandora FMS 4.0 and lower force a password for the 'artica' user during installation.
An authenticated but unprivileged user can change specific values in the accounts database. This is done by invoking the setPreference action.
This exploit takes advantage of the recvmmsg vulnerability in the x32 ABI (CVE-2014-0038) in Linux 3.4+ kernels. The exploit allows an attacker to gain root privileges on the target system. The vulnerability is caused by a flaw in the recvmmsg system call, which can be exploited to escalate privileges.
This module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature in order to upload malicious PHP files which results in arbitrary remote code execution as the web server user. File uploads are disabled by default.