Metasploit on OS X Mavericks

16 February 2014 - Source: http://www.maxpalmari.it/blog
Below is the procedure I followed to install Metasploit on Mavericks, including some fixes I adopted for errors I ran into during installation.
Install the Command Line Tools (OSX 10.9):
Install the Java JDK development kit: http://www.oracle.com/technetwork/java/javase/downloads
Install "Homebrew": ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)" echo PATH=/usr/local/bin:/usr/local/sbin:$PATH >> […]...

WordPress Amerisale-Re Remote Shell Upload

31 January 2014 - Source: http://www.mondounix.com
# Exploit Title : Wordpress amerisale-re Remote Shell Upload
# Exploit Author : T3rm!nat0r5
# Vendor Homepage : http://wordpress.org/
# Google Dork : inurl:/wp-content/plugins/amerisale-re
# Date : 2014/01/30
# Tested on : Windows 8 , Linux
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
 
require 'msf/core'
class Metasploit4 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
 
  def initialize(info = {})
  super(update_info(info,
            'Name'           => 'Wordpress amerisale-re Plugin Remote Shell Upload',
       'Description' => %q{
        This module exploits an arbitrary...

Mac OS X Sudo Password Bypass

27 August 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#
# http://metasploit.com/
##
require 'shellwords'
 
class Metasploit3 < Msf::Exploit::Local
 
  # ManualRanking because it's going to modify system time
  # Even when it will try to restore things, user should use
  # it at his own risk
  Rank = NormalRanking
 
  include Msf::Post::Common
  include Msf::Post::File
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper
 
  SYSTEMSETUP_PATH = "/usr/sbin/systemsetup"
  SUDOER_GROUP = "admin"
  VULNERABLE_VERSION_RANGES...

InstantCMS 1.6 Remote PHP Code Execution

8 July 2013 - Source: http://www.mondounix.com
require 'msf/core'
 
 
class Metasploit3 < Msf::Exploit::Remote
 
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'InstantCMS 1.6 Remote PHP Code Execution',
      'Description'    => %q{
        This module exploits an arbitrary php command execution vulnerability, because of a
        dangerous use of eval(), in InstantCMS versions 1.6.
      },
      'Author'         =>
        [
          'AkaStep', # Vulnerability discovery and PoC
          'Ricardo Jorge Borges de Almeida <ricardojba1[at]gmail.com>', # Metasploit module
          'juan vazquez' # Metasploit module
      ...

ZPanel zsudo Local Privilege Escalation

26 June 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##
 
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/priv'
require 'msf/core/exploit/exe'
 
 
class Metasploit4 < Msf::Exploit::Local
  Rank = ExcellentRanking
 
  include Msf::Exploit::EXE
  include Msf::Post::File
  include Msf::Post::Common
 
  def initialize(info={})
    super( update_info( info, {
        'Name'          => 'ZPanel zsudo Local Privilege Escalation Exploit',
        'Description'...

Novell Client 2 SP3 nicm.sys Local Privilege Escalation

26 June 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##
 
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/windows/priv'
 
class Metasploit3 < Msf::Exploit::Local
  Rank = AverageRanking
 
  include Msf::Post::Common
  include Msf::Post::Windows::Priv
 
  def initialize(info={})
    super(update_info(info, {
      'Name'           => 'Novell Client 2 SP3 nicm.sys Local Privilege Escalation',
      'Description'    => %q{
        This module exploits a flaw in the nicm.sys driver...

Havalite CMS Arbitary File Upload

26 June 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#   http://metasploit.com/framework/
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::PhpEXE
 
  def initialize(info={})
    super(update_info(info,
      'Name'           => "Havalite CMS Arbitary File Upload Vulnerability",
      'Description'    => %q{
        This module exploits a file upload vulnerability found in Havalite CMS 1.1.7, and
        possibly prior....

FreeBSD 9 Address Space Manipulation Privilege Escalation

26 June 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##
 
require 'msf/core'
 
class Metasploit4 < Msf::Exploit::Local
  Rank = GreatRanking
 
  include Msf::Exploit::EXE
  include Msf::Post::Common
  include Msf::Post::File
  include Msf::Exploit::FileDropper
 
  def initialize(info={})
    super( update_info( info, {
        'Name'          => 'FreeBSD 9 Address Space Manipulation Privilege Escalation',
        'Description'   => %q{
          This module exploits a vulnerability that can be used to modify portions...

AVE.CMS 2.09 Blind SQL Injection

24 May 2013 - Source: http://www.mondounix.com
#!/usr/bin/env python
 
import urllib, sys, time
 
#######################################################################################
# Exploit Title: AVE.CMS <= 2.09 - Remote Blind SQL Injection Exploit
# Date: 23/05/2013
# Author: mr.pr0n (@_pr0n_)
# Homepage: http://ghostinthelab.wordpress.com/
# Vendor Homepage: http://www.overdoze.ru/
# Software Link: websvn.avecms.ru/listing.php?repname=AVE.cms+2.09
# Version: V2.09 and 2.09RC2
# Tested on: Linux Debian 2.6.32-5-686
# Description: The "module" parameter is vulnerable to Blind SQL Injection.
# Solution : Update to newest version.
#######################################################################################
 
print "+----------------------------------------------------------+"
print...

vBulletin 5b SQL Injection

24 May 2013 - Source: http://www.mondounix.com
#!/usr/bin/perl
###################################################################################
#                                                           Satuday, March 30, 2013
#
#
#
#                    _  _  .__                .__               
#                 __| || |_|  |   ____   ____ |__| ____   ____  
#                 \   __   /  | _/ __ \ / ___\|  |/  _ \ /    \ 
#                  |  ||  ||  |_\  ___// /_/  >  (  <_> )   |  \
#                 /_  ~~  _\____/\___  >___  /|__|\____/|___|  /
#                   |_||_|           \/_____/                \/
#                                    http://www.zempirians.com
#
#          00100011 01101100 01100101 01100111 01101001 01101111 01101110
#
#
#...
