what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files from Michael Messner

Email addressmichael.messner at integralis.com
First Active2010-05-26
Last Active2024-09-01
D-Link User-Agent Backdoor Scanner
Posted Sep 1, 2024
Authored by Craig Heffner, Michael Messner, juan vazquez | Site metasploit.com

This Metasploit module attempts to find D-Link devices running Alphanetworks web interfaces affected by the backdoor found on the User-Agent header. This Metasploit module has been tested successfully on a DIR-100 device with firmware version v1.13.

tags | exploit, web
SHA-256 | efeab64a2c3b15be8d9ef8a9a4512d08c15268b3a979db52689b008670fee189
D-Link DIR 645 Password Extractor
Posted Aug 31, 2024
Authored by Michael Messner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in DIR 645 < v1.03. With this vulnerability you are able to extract the password for the remote management.

tags | exploit, remote, bypass
SHA-256 | 7fe8b8b74336f5dc7dd1fec74d9b8ce3315a1065aebd43f4c022aa9e9817bb7b
Netgear Unauthenticated SOAP Password Extractor
Posted Aug 31, 2024
Authored by h00die, Michael Messner, Peter Adkins | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in different Netgear devices. It allows you to extract the password for the remote management interface.

tags | exploit, remote, bypass
SHA-256 | 6ec21b301158f8e8563ec1fe1e9c6b675e162a88cdc41ce6a56f70fa586ab250
D-Link DSL 320B Password Extractor
Posted Aug 31, 2024
Authored by Michael Messner | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in D-Link DSL 320B less than or equal tov1.23. This vulnerability allows to extract the credentials for the remote management interface.

tags | exploit, remote, bypass
SHA-256 | 46b12d46c687aab16789fe43c6f1a2ff95ae781adbba6ee2c13bae048f23ea0c
Linksys WRT120N TmUnblock Stack Buffer Overflow
Posted Aug 31, 2024
Authored by Craig Heffner, Michael Messner | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the WRT120N Linksys router to reset the password of the management interface temporarily to an empty value. This Metasploit module has been tested successfully on a WRT120N device with firmware version 1.0.07.

tags | exploit, overflow
SHA-256 | 8c48cc9aba6358bbaaaa868166dc5b29ae82fbde8cfb579604b70ce724082f81
D-Link Cookie Command Execution
Posted Jul 17, 2015
Authored by Michael Messner, Peter Adkins | Site metasploit.com

This Metasploit module exploits an anonymous remote upload and code execution vulnerability on different D-Link devices. The vulnerability is a command injection in the cookie handling process of the lighttpd web server when handling specially crafted cookie values. This Metasploit module has been successfully tested on D-Link DSP-W110A1_FW105B01 in emulated environment.

tags | exploit, remote, web, code execution
SHA-256 | 0775e7d0aff2f6e2825635c995a83bb54708fc9752c08058d2dc8f04aed2e87c
Realtek SDK Miniigd UPnP SOAP Command Execution
Posted May 29, 2015
Authored by Michael Messner, Ricky Lawshae | Site metasploit.com

Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.

tags | exploit
advisories | CVE-2014-8361
SHA-256 | a727354d03f176b35f63aa0ffc5bb38a19701e52b268455eadf7ca7c31e71bff
Airties login-cgi Buffer Overflow
Posted May 29, 2015
Authored by Michael Messner, Batuhan Burakcin | Site metasploit.com

This Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.

tags | exploit, remote, web, overflow, cgi
SHA-256 | e3284b80df8a49e84fe10eeeefb856090ee5b49ba6f62e629a9763e62071ed9a
D-Link/TRENDnet NCC Service Command Injection
Posted Apr 16, 2015
Authored by Michael Messner, Peter Adkins, Tiago Caetano Henriques | Site metasploit.com

This Metasploit module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This Metasploit module has been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L (Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A) v1.05B03, D-Link DIR-820L (Rev B) v2.01b02, D-Link DIR-826L (Rev A) v1.00b23, D-Link DIR-830L (Rev A) v1.00b07, D-Link DIR-836L (Rev A) v1.01b03, and TRENDnet TEW-731BR (Rev 2) v2.01b01

tags | exploit, remote
advisories | CVE-2015-1187
SHA-256 | 35d9cdabfd053fc6c2ff7f2de254f832a73dc49048156c4f453d8ba4b3f21bc9
Belkin Play N750 login.cgi Buffer Overflow
Posted Mar 24, 2015
Authored by Michael Messner, Marco Vaz | Site metasploit.com

This Metasploit module exploits a remote buffer overflow vulnerability on Belkin Play N750 DB Wireless Dual-Band N+ Router N750 routers. The vulnerability exists in the handling of HTTP queries with long 'jump' parameters addressed to the /login.cgi URL, allowing remote unauthenticated attackers to execute arbitrary code. This Metasploit module was tested in an emulated environment, using the version 1.10.16.m of the firmware.

tags | exploit, remote, web, overflow, arbitrary, cgi
advisories | CVE-2014-1635
SHA-256 | 164f73d50b085d0c2335092e7f16da683c66b3f7e546e57619eee75d165cbf97
Fritz!Box Webcm Unauthenticated Command Injection
Posted Apr 7, 2014
Authored by Michael Messner, Fabian Braeunlein | Site metasploit.com

Different Fritz!Box devices are vulnerable to an unauthenticated OS command injection. This Metasploit module was tested on a Fritz!Box 7270 from the LAN side. The vendor reported the following devices vulnerable: 7570, 7490, 7390, 7360, 7340, 7330, 7272, 7270, 7170 Annex A A/CH, 7170 Annex B English, 7170 Annex A English, 7140, 7113, 6840 LTE, 6810 LTE, 6360 Cable, 6320 Cable, 5124, 5113, 3390, 3370, 3272, 3270

tags | exploit
SHA-256 | 3c9438ad3242628774c0c9001c0fa55a918947a138a8407300ecd933463e3bf5
Linksys E-Series TheMoon Remote Command Injection
Posted Apr 5, 2014
Authored by Michael Messner, Rew, juan vazquez, infodox, Johannes Ullrich | Site metasploit.com

Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used from the so called "TheMoon" worm. There are many Linksys systems that might be vulnerable including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This Metasploit module was tested successfully against an E1500 v1.0.5.

tags | exploit, worm
SHA-256 | 8562df406cf3a664284fb32daf860dcc7c4a95b65db2f358b2abed16cc85d646
Raidsonic NAS Devices Unauthenticated Remote Command Execution
Posted Sep 23, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Different Raidsonic NAS devices are vulnerable to OS command injection via the web interface. The vulnerability exists in timeHandler.cgi, which is accessible without authentication. This Metasploit module has been tested with the versions IB-NAS5220 and IB-NAS4220. Since this module is adding a new user and modifying the inetd daemon configuration, this module is set to ManualRanking and could cause target instability.

tags | exploit, web, cgi
advisories | OSVDB-90221
SHA-256 | 349e9ccfce89a895bc88301a928728a68a24c672b6744b743b04b03f181ca743
D-Link Devices UPnP SOAP Telnetd Command Execution
Posted Sep 17, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Various D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. This Metasploit module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected.

tags | exploit
advisories | OSVDB-94924
SHA-256 | 52a628392ec5ee753541865f4aca6952fbf591c9999c1f65fb1b299552915715
D-Link Devices Unauthenticated Remote Command Execution
Posted Aug 9, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection via the web interface. The vulnerability exists in command.php, which is accessible without authentication. This Metasploit module has been tested with the versions DIR-600 2.14b01, DIR-300 rev B 2.13. Two target are included, the first one starts a telnetd service and establish a session over it, the second one runs commands via the CMD target. There is no wget or tftp client to upload an elf backdoor easily. According to the vulnerability discoverer, more D-Link devices may affected.

tags | exploit, web, php
advisories | OSVDB-89861
SHA-256 | 8a06110527ae3c72725545cc043ee9d4ea6e4d06ff5b64679ba754e17db95b66
D-Link Devices Unauthenticated Remote Command Execution
Posted Aug 8, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection via the web interface. The vulnerability exists in tools_vct.xgi, which is accessible with credentials. This Metasploit module has been tested with the versions DIR-300 rev A v1.05 and DIR-615 rev D v4.13. Two target are included, the first one starts a telnetd service and establish a session over it, the second one runs commands via the CMD target. There is no wget or tftp client to upload an elf backdoor easily. According to the vulnerability discoverer, more D-Link devices may affected.

tags | exploit, web
advisories | OSVDB-92698
SHA-256 | 9d58ec6df990b7786634d5c2bda806a6512ca58a1d498965975b3ba04c0ab5c4
D-Link Devices UPnP SOAP Command Execution
Posted Jul 23, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the CMD target. Additionally, two targets are included, to start a telnetd service and establish a session over it, or deploy a native mipsel payload. This Metasploit module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may affected.

tags | exploit
advisories | OSVDB-94924
SHA-256 | 01d435ac6d062114f47621077e0eb7f0d7eaf8b4b14cc6838696243a3e34377f
D-Link UPnP OS Command Injection
Posted Jul 8, 2013
Authored by Michael Messner

D-Link devices DIR-300 rev B, DIR-600 rev B, DIR-645, DIR-845, and DIR-865 suffer from a remote command injection vulnerability. The vulnerability is caused due to missing input validation in different XML parameters.

tags | exploit, remote
SHA-256 | 45b06bd652acac11c15608f66dea0133730d0c898dc986726de440ece8669b91
Linksys X3000 Cross Site Scripting / Command Execution
Posted Jun 24, 2013
Authored by Michael Messner

Linksys X3000 with firmware version 1.0.03 build 001 suffers from cross site scripting and remote command injection vulnerabilities.

tags | exploit, remote, vulnerability, xss
SHA-256 | 9c441bf0e5c4abc193de4dc4b9a32d21f52156309d5de56f97d5e1c801f09e64
Linksys WRT160n apply.cgi Remote Command Injection
Posted May 21, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module has been tested on a Linksys WRT160n version 2 - firmware version v2.0.03. A ping command against a controlled system could be used for testing purposes. The exploit uses the tftp client from the device to stage to native payloads from the command injection.

tags | exploit, web
advisories | OSVDB-90093
SHA-256 | f9f09e58e33c3c7939cc2ed16b2c26b3cc52e2b7e29498141ef9d035fec7d9f7
D-Link DIR615h OS Command Injection
Posted May 20, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some D-Link Routers are vulnerable to an authenticated OS command injection on their web interface, where default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module was tested against a DIR-615 hardware revision H1 - firmware version 8.04. A ping command against a controlled system could be used for testing purposes. The exploit uses the wget client from the device to convert the command injection into an arbitrary payload execution.

tags | exploit, web, arbitrary
advisories | OSVDB-90174
SHA-256 | aad8c5ca69c9c88e6afefcbe2b486142c3227a0b49c91b9a4e140ec39830afb7
D-Link DSL-320B Authentication Bypass / Cross Site Scripting
Posted May 6, 2013
Authored by Michael Messner

D-Link DSL-320B suffers from persistent cross site scripting and multiple authentication bypass bypass vulnerabilities.

tags | exploit, vulnerability, xss, bypass
SHA-256 | 39f8eb0877b4a1479fcf473272af42277ef75ed9a0c42219a8756b0d491a8ad4
D-Link DIR-635 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 26, 2013
Authored by Michael Messner

D-Link DIR-635 suffers from cross site request forgery and multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 9f5aeb25f45b5c7859957c04d42fa54170e29e93b7f0b36b152822e378687b11
D-Link DIR-615 / DIR-300 XSS / CSRF / Command Injection / Insecure Crypto
Posted Apr 23, 2013
Authored by Michael Messner

D-Link DIR-615 and DIR-300 suffer from cross site request forgery, OS command injection, lack of cryptographic storage, header injection, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | d92d1912f11dbbae5692e74866d76e755ce2c196d6f9a7fa689ae37251fd787e
Netgear DGN2200B pppoe.cgi Remote Command Execution
Posted Apr 20, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some Netgear Routers are vulnerable to an authenticated OS command injection on their web interface. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This Metasploit module overwrites parts of the PPOE configuration, while the module tries to restore it after exploitation configuration backup is recommended.

tags | exploit, web
advisories | OSVDB-90320
SHA-256 | 91dc01de9600bf71b1bfb0fa39d3c499055961c38a5e9d02115d91d6d11e4a4d
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close