This Metasploit module scans for Dahua-based DVRs and then grabs settings. Optionally resets a user's password and clears the device logs.
d683a8a28f0f90df138b2d6d657877bb3a080df3e5aa099aed5198bca4b0c59c
This Metasploit module exploits a flaw in the password reset mechanism in BMC TrackIt! 11.3 and possibly prior versions. If the password reset service is configured to use a domain administrator (which is the recommended configuration), then domain credentials can be reset (such as domain Administrator).
a7ccb5a05659f5e2d5a8a2656da3df1b76d134f385ed2af2ebd215f40f8e2be3
This Metasploit module scans for HTTP servers that appear to be vulnerable to the Misfortune Cookie vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.
f5325c099a2a6f868b0add3ecba9e70079e5c190a18ffa2af11053a5503c9a99
This Metasploit module can detect situations where there may be information disclosure vulnerabilities that occur when a Git repository is made available over HTTP.
f3fc66ff62ad13f3081bddfba7d9e771214b26ddbd974bf809d56a802a53e08c
This Metasploit module identifies NTP servers which permit "reslist" queries and obtains the list of restrictions placed on various network interfaces, networks or hosts. The reslist feature allows remote attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic amplification) via spoofed requests. The more interfaces, networks or hosts with specific restrictions, the greater the amplification. requests.
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
This Metasploit module identifies NTP servers which permit "PEER_LIST" queries and return responses that are larger in size or greater in quantity than the request, allowing remote attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic amplification) via spoofed requests.
9dfdd6362ada7e294f99ddd5c8abe65523f723f708642b5a832419873fc8e44b
This Metasploit module identifies NTP servers which permit mode 6 UNSETTRAP requests that can be used to conduct DRDoS attacks. In some configurations, NTP servers will respond to UNSETTRAP requests with multiple packets, allowing remote attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic amplification) via spoofed requests.
31621f3b6adf84cb730b81f9bedd0d5ea28c3b18ec44bdae7f848cc723eb9ddb
This Metasploit module identifies NTP servers which permit "PEER_LIST_SUM" queries and return responses that are larger in size or greater in quantity than the request, allowing remote attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic amplification) via spoofed requests.
273e8598ce4a789ce6d57d34e58ef98d7869ba325e655e50c1718bbe3ecde008
This Metasploit module reads the system internal NTP variables. These variables contain potentially sensitive information, such as the NTP software version, operating system version, peers, and more.
e16cfa3e8bfd6d9000e68d4cbf6b3255490ec60c03ecb58123181f76af392248
This Metasploit module identifies NTP servers which permit mode 6 REQ_NONCE requests that can be used to conduct DRDoS attacks. In some configurations, NTP servers will respond to REQ_NONCE requests with a response larger than the request, allowing remote attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic amplification) via spoofed requests.
7c04588bd861a077918678e95f126ec5037b6e8df43ffb7afd4db2bd791c1733
Crypto-NAK packets can be used to cause ntpd to accept time from unauthenticated ephemeral symmetric peers by bypassing the authentication required to mobilize peer associations. This Metasploit module sends these Crypto-NAK packets in order to establish an association between the target ntpd instance and the attacking client. The end goal is to cause ntpd to declare the legitimate peers "false tickers" and choose the attacking clients as the preferred peers, allowing these peers to control time.
6e2bb149f0c9a147fad33b95c5cfbcc5e8373753ed367acdeb9fa2b34bc84d4a
This Metasploit module can be used to discover Memcached servers which expose the unrestricted UDP port 11211. A basic "stats" request is executed to check if an amplification attack is possible against a third party.
cb5539054159e5bd7eb5991e8ba1abaed61e1b1644670a36b4815d24c61a9cab
Detect UDP endpoints with UDP amplification vulnerabilities.
4b266aac321033bf9bd912f59c5fbdf160afa5b657e7351b0616cbfb0a87e10b
This Metasploit module uses the A2S_INFO request to obtain information from a Steam server.
89416cc9f5e46168342e202b91b47b3ba9094801247b2522d376fc12181782f1
This Metasploit module uses the getstatus or getinfo request to obtain information from a Quake server.
fd233ad07c22d603334cbcada818c4cd262bc96c7e0eafee383c9bd9e61e7adf
This Metasploit module uses the Kademlia BOOTSTRAP and PING messages to identify and extract information from Kademlia speaking UDP endpoints, typically belonging to eMule/eDonkey/BitTorrent servers or other P2P applications.
eba8248b7c5e0ccdd26ca05535b352545a47360c55fc0541e56ac36a0e461848
This Metasploit module exploits HTTP servers that appear to be vulnerable to the Misfortune Cookie vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.
397a14e1799d7f29f991075a7b227de69b477aeefbd81dc616540afd824f32f9
This Metasploit module performs a Denial of Service attack against Datagram TLS in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. When a DTLS ClientHello message has multiple fragments and the fragment lengths of later fragments are larger than that of the first, a buffer overflow occurs, causing a DoS.
3023cf9a58641d5922cae912d868a29c9ca9eb329848caceca34c97ea3b4b14a
This Metasploit module achieves persistence by executing payloads via at(1).
eec5ec5ef01a82dae2c5cd893e51333a0196cb32b3048342445a1aa8c944a00f
This Metasploit module exploits an authenticated privilege escalation vulnerability in the iControl API on the F5 BIG-IP LTM (and likely other F5 devices). This requires valid credentials and the Resource Administrator role. The exploit should work on BIG-IP 11.3.0 - 11.6.0 (11.5.x < 11.5.3 HF2 or 11.6.x < 11.6.0 HF6; see references for more details).
f329ba79799be3587e190db0a03ebd17f524e5bca267576582b6c1d628f1c3ce
This Metasploit module exploits CVE-2014-9390, which affects Git (versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions less than 3.2.3) and describes three vulnerabilities.
36d1712be284842da277dc56d61894ebadaefded1087a47ec4a5fe7a5c521ad3
This Metasploit module exploits a pile of vulnerabilities in Adobe ColdFusion APSB13-03 including arbitrary command execution in scheduleedit.cfm (9.x only), directory traversal, and authentication bypass issues.
fc81458d632a151d75dbee734ef554512dc7bbdc7f0bfbae5d6c44fcafa675bf
Ethernet device drivers frame padding information leakage exploit.
9ae933732d77ccfa5d3fe1968e818678cd2d78a76c646d90e1bcc999d19d34b7
Nortel SSL VPN Linux Client versions 6.0.3 and below local privilege escalation exploit.
9c95beab9a1a6800137bcdbd9e39045411aaf4de0ddea50b74e4cab410e371e1
Cisco/Protego CS-MARS remote command execution and system compromise exploit that makes use of an insecure JBoss installation in CS-MARS versions below 4.2.1.
54fe66cacd7116d763993ab2281815e624610e13a10347c112c62d30699df620