exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 80 RSS Feed

Files from Karn Ganeshen

Email addresskarnganeshen at gmail.com
First Active2010-02-05
Last Active2024-09-01
PocketPAD Login Bruteforce Force Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for PocketPAD login portal, and performs a login bruteforce attack to identify valid credentials.

tags | exploit
SHA-256 | 6d0f4bff5b8014dcb33ba5fb9fc7c79847f53b034420ec4dd15d8637bbcb8584
InfoVista VistaPortal Application Bruteforce Login Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module attempts to scan for InfoVista VistaPortal Web Application, finds its version and performs login brute force to identify valid credentials.

tags | exploit, web
SHA-256 | 988a25a91ec5ad89fac76dcea1a6f311b0572b6b6646957ee931ee76d8973e13
Oracle ILO Manager Login Brute Force Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for Oracle Integrated Lights Out Manager (ILO) login portal, and performs a login brute force attack to identify valid credentials.

tags | exploit
SHA-256 | 005ee9252b6b898747ac11640f9281ae714b72b248964250e52cc46aa69e2a75
Cambium EPMP 1000 Ping Command Injection
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (<v2.5) device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to execute arbitrary system commands.

tags | exploit, arbitrary
SHA-256 | b93785a449ad38017240b00d0972f852a7711ec6c79aed758af2044256455c1f
EtherPAD Duo Login Bruteforce Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for EtherPAD Duo login portal, and performs a login bruteforce attack to identify valid credentials.

tags | exploit
SHA-256 | 5b08b79d78435d7b19085b9bfec6075eb5093f11b68f923725b1ed014d85321e
Cambium EPMP 1000 Account Password Reset
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an access control vulnerability in Cambium ePMP device management portal. It requires any one of the following non-admin login credentials - installer/installer, home/home - to reset password of other existing user(s) including admin. All versions less than or equal to3.5 are affected. This Metasploit module works on versions 3.0-3.5-RC7.

tags | exploit
advisories | CVE-2017-5254
SHA-256 | 956f2fe0af3391b41c4ba29545c942e1168defdca0fa714c74890ac611b33384
RFCode Reader Web Interface Login / Bruteforce Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module simply attempts to login to a RFCode Reader web interface. Please note that by default there is no authentication. In such a case, password brute force will not be performed. If there is authentication configured, the module will attempt to find valid login credentials and capture device information.

tags | exploit, web
SHA-256 | 2bebb43ed7e3c7afb31c6a515dcd02ee4a3a173a63ba555a06a6d7d1740c7a9e
Meteocontrol WEBlog Password Extractor
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Meteocontrol WEBLog appliances (software version < May 2016 release) to extract Administrator password for the device management portal.

tags | exploit, bypass
advisories | CVE-2016-2296, CVE-2016-2298
SHA-256 | d93c088abc0e3aba59a5a03a43b8b57830fee0e8f25c25fecb18e0546ee066f7
Sentry Switched CDU Bruteforce Login Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for ServerTechs Sentry Switched CDU (Cabinet Power Distribution Unit) web login portals, and performs login brute force to identify valid credentials.

tags | exploit, web
SHA-256 | ea9a49f43b18efdec70397195d549a5898b68c47aa21c2551cd1058b7efb808c
Binom3 Web Management Login Scanner, Config And Password File Dump
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for Binom3 Multifunctional Revenue Energy Meter and Power Quality Analyzer management login portal(s), and attempts to identify valid credentials. There are four (4) default accounts - root/root, admin/1, alg/1, user/1. In addition to device config, root user can also access password file. Other users - admin, alg, user - can only access configuration file. The module attempts to download configuration and password files depending on the login user credentials found.

tags | exploit, root
advisories | CVE-2017-5162
SHA-256 | bcab8ec22cea914c0a70c4455d9181411a735536e8211c52497c14b6f63cdc3d
OpenMind Message-OS Portal Login Brute Force Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for OpenMind Message-OS provisioning web login portal, and performs a login brute force attack to identify valid credentials.

tags | exploit, web
SHA-256 | 28480da105e7aa249ae3a2817a7fb69f5cd9b5986973631805327c9c32624fc3
Cisco Ironport Bruteforce Login Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncOS versions, and performs login brute force to identify valid credentials.

tags | exploit, web
systems | cisco
SHA-256 | 19d08d4f5b105944f70b819c179403363836a5d079c1223718e0f4bb91836bf6
Cambium EPMP 1000 Get_chart Command Injection
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (v3.1-3.5-RC7) device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to execute arbitrary system commands.

tags | exploit, arbitrary
advisories | CVE-2017-5255
SHA-256 | 92a4864129aa26347a88ded4b4b8081bee53367dd7caa7d96beb8dcd80e518ed
SevOne Network Performance Management Application Brute Force Login Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for SevOne Network Performance Management System Application, finds its version, and performs login brute force to identify valid credentials.

tags | exploit
SHA-256 | 5a7279046e193862f8e56a0f233f88011983f4d1be98b5e56194d2a05ba841bd
Cambium EPMP 1000 Ping Password Hash Extractor
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (<v2.5) device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to dump system hashes.

tags | exploit
SHA-256 | a9c4f891ba35670965cbd8f6e5b470df2c52034fe81dac01b6ae9de45c939769
Radware AppDirector Bruteforce Login Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for Radware AppDirectors web login portal, and performs login brute force to identify valid credentials.

tags | exploit, web
SHA-256 | 06be4d3b7aacdc65c359d439b5b7fed02d8b06ee7fa5627c57d94a1ea6709f9f
Cambium CnPilot R200/r201 Login Scanner And Config Dump
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for Cambium cnPilot r200/r201 management login portal(s), attempts to identify valid credentials, and dump device configuration. The device has at least two (2) users - admin and user. Due to an access control vulnerability, it is possible for user account to access full device config. All information, including passwords, and keys, is stored insecurely, in clear-text form, thus allowing unauthorized admin access to any user.

tags | exploit
advisories | CVE-2017-5260
SHA-256 | d31132b302a58be7536cbcd0797d373163a704589e02303f4892827ccbf43ce2
Carlo Gavazzi Energy Meters Login Brute Force, Extract Info And Dump Plant Database
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for Carlo Gavazzi Energy Meters login portals, performs a login brute force attack, enumerates device firmware version, and attempt to extract the SMTP configuration. A valid, admin privileged user is required to extract the SMTP password. In some older firmware versions, the SMTP config can be retrieved without any authentication. The module also exploits an access control vulnerability which allows an unauthenticated user to remotely dump the database file EWplant.db. This db file contains information such as power/energy utilization data, tariffs, and revenue statistics. Vulnerable firmware versions include - VMU-C EM prior to firmware Version A11_U05 and VMU-C PV prior to firmware Version A17.

tags | exploit
advisories | CVE-2017-5146
SHA-256 | 3a2fe6ae241d7bc770da540bcb83abdb83c648d4574baa5d27bd2bc789842598
Cambium EPMP 1000 Login Scanner
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module scans for Cambium ePMP 1000 management login portal(s), and attempts to identify valid credentials. Default login credentials are - admin/admin, installer/installer, home/home and readonly/readonly.

tags | exploit
SHA-256 | bda3bfb0162577241e9df8396f867a3570d76ffac171cda6fc1d9d680111df49
Satel Iberia SenNet Data Logger And Electricity Meters Command Injection
Posted Aug 31, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an OS Command Injection vulnerability in Satel Iberia SenNet Data Loggers and Electricity Meters to perform arbitrary command execution as root.

tags | exploit, arbitrary, root
advisories | CVE-2017-6048
SHA-256 | 5df4a9c4167f240a3d070d03d8d0e146532998c8387bae034befc386cfb709d1
Cambium CnPilot R200/r201 Command Execution
Posted Aug 31, 2024
Authored by Karn Ganeshen | Site metasploit.com

Cambium cnPilot r200/r201 device software versions 4.2.3-R4 to 4.3.3-R4, contain an undocumented, backdoor root shell. This shell is accessible via a specific url, to any authenticated user. The module uses this shell to execute arbitrary system commands as root.

tags | exploit, arbitrary, shell, root
advisories | CVE-2017-5259
SHA-256 | cce7da9c26f8e8caf232905b3e36a9ab132e3adc8e18feeb48e4f97de90a8cef
Cambium CnPilot R200/r201 File Path Traversal
Posted Aug 31, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits a File Path Traversal vulnerability in Cambium cnPilot r200/r201 to read arbitrary files off the file system. Affected versions - 4.3.3-R4 and prior.

tags | exploit, arbitrary
advisories | CVE-2017-5261
SHA-256 | 25789dadd8ff6d96aa27621f32e6f7a3a787924a0b8e5b0e36fc86a7a94f1f27
Apache ZooKeeper Information Disclosure
Posted Aug 31, 2024
Authored by Karn Ganeshen | Site metasploit.com

Apache ZooKeeper server service runs on TCP 2181 and by default, it is accessible without any authentication. This Metasploit module targets Apache ZooKeeper service instances to extract information about the system environment, and service statistics.

tags | exploit, tcp
SHA-256 | f9b240045784798cc72ff0698945798f2aa501f213900a5c9466f36f732cc260
Cambium ePMP1000 2.5 Command Injection
Posted Dec 29, 2017
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell.

tags | exploit, shell
SHA-256 | 80ffaf7cb462642699e6294696050604e8ce8895cc84c13a29c4668c10b20da4
Cambium ePMP1000 3.1-3.5-RC7 Command Injection
Posted Dec 29, 2017
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions 3.1-3.5-RC7.

tags | exploit, shell
advisories | CVE-2017-5255
SHA-256 | 19c3372a730e1d8d0af6219db6b006294c0a1e69708189476bc93f45950021eb
Page 1 of 4
Back1234Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close