Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Juniper SSH Backdoor Scanner

This Metasploit module scans for the Juniper SSH backdoor (also valid on Telnet). Any username is required, and the password is <<< %s(un=%s) = %u.

Packet Storm
#js#git#backdoor#auth#ssh#telnet
Apache Karaf Default Credentials Command Execution

This Metasploit module exploits a default misconfiguration flaw on Apache Karaf versions 2.x-4.x. The karaf user has a known default password, which can be used to login to the SSH service, and execute operating system commands from remote.

Eaton Xpert Meter SSH Private Key Exposure Scanner

Eaton Power Xpert Meters running firmware below version 12.x.x.x or below version 13.3.x.x ship with a public/private key pair that facilitate remote administrative access to the devices. Tested on: Firmware 12.1.9.1 and 13.3.2.10.

SSH Username Enumeration

This Metasploit module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST packet using public key authentication (must be enabled) to enumerate users. On some versions of OpenSSH under some configurations, OpenSSH will return a "permission denied" error for an invalid user faster than for a valid user, creating an opportunity for a timing attack to enumerate users. Testing note: invalid users were logged, while valid users were not. YMMV.

Fortinet SSH Backdoor Scanner

This Metasploit module scans for the Fortinet SSH backdoor.

MySQL Authentication Bypass Password Dump

This Metasploit module exploits a password bypass vulnerability in MySQL in order to extract the usernames and encrypted password hashes from a MySQL server. These hashes are stored as loot for later cracking. Impacts MySQL versions: - 5.1.x before 5.1.63 - 5.5.x before 5.5.24 - 5.6.x before 5.6.6 And MariaDB versions: - 5.1.x before 5.1.62 - 5.2.x before 5.2.12 - 5.3.x before 5.3.6 - 5.5.x before 5.5.23.

DNS Amplification Scanner

This Metasploit module can be used to discover DNS servers which expose recursive name lookups which can be used in an amplification attack against a third party.

Novell ZENworks Configuration Management Preboot Service Remote File Access

This Metasploit module exploits a directory traversal in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted PROXY_CMD_FTP_FILE (opcode 0x21) packet to the 998/TCP port. This Metasploit module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and SP3 over Windows.

Ray Sharp DVR Password Retriever

This Metasploit module takes advantage of a protocol design issue with the Ray Sharp based DVR systems. It is possible to retrieve the username and password through the TCP service running on port 9000. Other brands using this platform and exposing the same issue may include Swann, Lorex, Night Owl, Zmodo, URMET, and KGuard Security.

Dahua DVR Authentication Bypass Scanner

This Metasploit modules scans for Dahua-based DVRs and then grabs settings. Optionally resets a users password and clears the device logs.