This Metasploit module exploits a password bypass vulnerability in MySQL in order to extract the usernames and encrypted password hashes from a MySQL server. These hashes are stored as loot for later cracking. Impacts MySQL versions: - 5.1.x before 5.1.63 - 5.5.x before 5.5.24 - 5.6.x before 5.6.6 And MariaDB versions: - 5.1.x before 5.1.62 - 5.2.x before 5.2.12 - 5.3.x before 5.3.6 - 5.5.x before 5.5.23.
e4032569995bd5ac99233c3cc5b3dcf8b3228b921415fd0e18c7acd6d8b4667eThe SMBLoris attack consumes large chunks of memory in the target by sending SMB requests with the NetBios Session Service(NBSS) Length Header value set to the maximum possible value. By keeping these connections open and initiating large numbers of these sessions, the memory does not get freed, and the server grinds to a halt. This vulnerability was originally disclosed by Sean Dillon and Zach Harding. DISCALIMER: This Metasploit module opens a lot of simultaneous connections. Please check your systems ULIMIT to make sure it can handle it. This Metasploit module will also run continuously until stopped.
3b62b3ed47ac0eea75e135130cfc0c18807acd5842d3195e3dd92869989b552bThis Metasploit module performs a Denial of Service Attack against Datagram TLS in OpenSSL version 0.9.8i and earlier. OpenSSL crashes under these versions when it receives a ChangeCipherspec Datagram before a ClientHello.
05418ed3c03396287c42e510c7ff652415886ee0d6face71a6516fb6e30d0ddeThis Metasploit module performs a Denial of Service Attack against the ISC DHCP server, versions 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1. It sends out a DHCP Request message with a 0-length client_id option for an IP address on the appropriate range for the dhcp server. When ISC DHCP Server tries to hash this value it exits abnormally.
ba9a5d1214ff99e3e3422a52f1071968aadd8890883807556093d448e1ac9536This Metasploit module uses valid credentials to login to the WinRM service and execute a payload. It has two available methods for payload delivery: Powershell 2.0 and VBS CmdStager. The module will check if Powershell 2.0 is available, and if so uses that method. Otherwise it falls back to the VBS Cmdstager which is less stealthy. IMPORTANT: If targeting an x64 system with the Powershell method you MUST select an x64 payload. An x86 payload will never return.
058f6afb598d02e80da84c0e4ea89c3ba856e987c8c0b5e3601f4daf16120377This Metasploit module exploits a buffer overflow vulnerability found in the PORT command in Turbo FTP Server versions 1.30.823 and 1.30.826, which results in remote code execution under the context of SYSTEM.
abb8df5bd9e6fe13f397d60912333dbe638be84ba39c6009e9215a03bc909d53This Metasploit module exploits a stack buffer overflow in the site chmod command in versions of Serv-U FTP Server prior to 4.2. You must have valid credentials to trigger this vulnerability. Exploitation also leaves the service in a non-functional state.
6c1771fcd160c66448baf1b278f2e301aaf7d1815e249d6528222c340620cafeThis Metasploit module exploits an Authentication Bypass Vulnerability in RealVNC Server version 4.1.0 and 4.1.1. It sets up a proxy listener on LPORT and proxies to the target server The AUTOVNC option requires that vncviewer be installed on the attacking machine. This option should be disabled for Pro.
e04dfdae1c144c55bf3ae60b0db55de39d6d8b5d1ffc4b3506d87fa3c3c8e7c6This Metasploit module finds saved login credentials for the SmartFTP FTP client for windows.
97b107bd7fae0d3b8837548d34dcb302caadedc2441c45782f6a0584dc945b8bThe Cforms II plugin for WordPress suffers from a CAPTCHA bypass vulnerability.
9651927202406b32b942c8788261677321fc3d2a584e0a29325ea269b6706946Ricoh Aficio Web Image Monitor version 2.03 suffers from cross site scripting and redirection vulnerabilities.
9cb8a3f297c5e5664ca6551ba861cee32ff3b727dc04c87fa31e1cc0c6f6332f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed