Small write-up describing how to do Windows account password guessing using the WinScanX tool.
f871d8ad96c9073ef9b788626275cd2d20520b82d1814c4ca508fbc240803fc0
WinScanX is a Windows enumeration utility featuring over 20 options including the ability to identify easy-to-guess Windows passwords, the ability to identify easy-to-guess SNMP community strings, and the ability to locate and decrypt WinVNC passwords. Includes an optional GUI front-end.
f9dbed28af952224082a4edc3d5bdbf2b0cf610bb56a3ac334b31ef7e6c366d0
This Metasploit module exploits the buffer overflow found in the MKD command in IPSWITCH WS_FTP Server 5.03 discovered by Reed Arvin.
a02f6ac90722950f7cf9e9ec7de40ea0b4e16e7333b5eec50d5a521bbc791950
PWDumpX version 1.1 allows a user with administrative privileges to retrieve the domain password cache, password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems. If an input list of remote systems is supplied, PWDumpX will attempt to obtain the domain password cache, the password hashes and the LSA secrets from each remote Windows system in a multi-threaded fashion (up to 64 systems simultaneously). The domain password cache, password hashes and LSA secrets from remote Windows systems are encrypted as they are transferred over the network. No data is sent over the network in clear text. This tool is a completely re-written version of CacheDump, PWDump3e and LSADump2 which integrates suggestions/bug fixes for PWDump3e and LSADump2 found on various web sites, etc. Source code included.
21b007f246e12a73e716385390d30923a19d359c42aec9b012653ebcd27303f1
The PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.
78b4ff5e1bbac4a8bde265705a5c6e36b41bb2a9170f8f060a09bb1552549af2
PWDumpX allows a user with administrative privileges to retrieve the domain password cache, password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems. If an input list of remote systems is supplied, PWDumpX will attempt to obtain the domain password cache, the password hashes and the LSA secrets from each remote Windows system in a multi-threaded fashion (up to 64 systems simultaneously). The domain password cache, password hashes and LSA secrets from remote Windows systems are encrypted as they are transferred over the network. No data is sent over the network in clear text. This tool is a completely re-written version of CacheDump, PWDump3e and LSADump2 which integrates suggestions/bug fixes for PWDump3e and LSADump2 found on various web sites, etc. Source code included.
38d449a11af56e57d1ca2b8bd6d718ffb60c28e19d2f99481dbeb583c28a1e0d
NetBIOS Enumeration Utility (NBTEnum) is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. The enumerated information includes the network transports, NetBIOS name, account lockout threshold, logged on users, local groups and users, global groups and users, and shares. If run under the context of a valid user account additional information is enumerated including operating system information, services, installed programs, Auto Admin Logon information and encrypted WinVNC/RealVNC passwords. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP/2003. PERL source included.
b45e9b8f0dfd57e2ccef45caba51ab4a9a17ce8fc9154b6a7eaae3fb6e43d23c
18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000.
58f962ac238c6133586c48ff429444c47dea31886161594510684c0686e9bf7b
McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) suffer from a privilege escalation vulnerability in the naPrdMgr.exe program. POC provided.
e2f1b1bdec4568e658224d179453848008ee5a72d9af96c39cff6fa848b0b16f
A privilege escalation flaw exists in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3). Exploitation details provided.
4a189c2e780a80f5f87fb463cff8a682acc537284c383163a446215361fa9bec
The Linksys WLAN Monitor service (WLSVC) that is used to configure settings for various Linksys wireless network cards runs under the context of the LocalSystem account. It is possible to manipulate the administrative interface of the Linksys WLAN Monitor and escalate privileges to that of the LocalSystem account. Linksys WLAN Monitor version 2.0 is susceptible.
5d90e99cc7d09ce144cac0cd72259307db621dccdafb8d814216fa1cbd271982
A buffer overflow in BusinessMail email server system 4.60.00 allows for a denial of service attack. Proof of concept exploit included.
e61c8d30334ddbd9c69cb79a6029b70f85e075638ce1f5ff51725124201c4044
Logging into FTPshell server version 3.38 will cause the ftpshelld.exe process to die, resulting in a denial of service.
e23a09711cefeb6f0b7eec5f4e9503bbd0e0015aa9b837345d02aeb9944f7ddf
Infradig Systems Inframail Advantage Server Edition 6.0 suffers from multiple buffer overflows. Sample denial of service exploits included.
cd59d12bf75d8aec56ea6a8072c48ba3ce996e13d31d3d676aa3b412afa39dd3
A denial of service vulnerability exists in True North Software IA eMailServer Corporate Edition version 5.2.2, build 1051. Input to the IMAP4 LIST command is not properly checked. Perl exploit provided.
c6a4487d3cf352e0cc68caba9961d47584d5dfcbf146b2cf528b97fd38c0685f
A buffer overflow exists in KMiNT21 Software Golden FTP Server Pro version 2.52.
1a0a99671467a7f1942f1ac05379950a44c6102d6fa6190bdd51c998d91389cd
GoodTech SMTP Server for Windows NT/2000/XP version 5.14 is susceptible to a denial of service vulnerability.
6a659a01652487edb2b466186a3c43617aa2cdf0f3ba1a1a514251ccb1c33cb8
BulletProof FTP server version 2.4.0.31 local privilege escalation exploit that provides a shell with SYSTEM privileges.
bf0d2a596e4873cd8286ec7287c3700d618e721578db84e1ee1695e7faedd485
Multiple buffer overflows exist in Mercury/32, version 4.01a, Dec 8 2003. There are 14 vulnerable commands that can be used to cause buffer overflows to occur. After a successful login to the mail server, if any of these commands are used with an overly long argument, the application closes, resulting in a denial of service.
3586a9a2da3960faf75dfa1bd395a4b043a451a29c220d2da63b7d880c6776b9
Multiple buffer overflows exist in WS_FTP Server Version 5.03, 2004.10.14. There are four vulnerable commands that can be used to cause these buffer overflows. Three of the vulnerable commands can be used to stop the WS_FTP Server service resulting in a denial of service. The vulnerable commands are SITE, XMKD, MKD, and RNFR.
9489824c23ea54bc66e29683258b34ac29edea9addcf9e869e14e6f8c196a65c
A local privilege escalation vulnerability exists with MDaemon 7.2 that allows a user to gain SYSTEM level access.
0bf2ceef32fcac791004f42845f98912b0a3b6b0da97801fcebb9b6068efaee7
Altiris Deployment Solution 5.6 SP1 (Hotfix E) suffers from a privilege escalation flaw that allows for SYSTEM level access. Step-by-step exploitation given.
2eeeb547e723092ea08f4321e09bdaa44b9d7db09a51e44e2d576c63d5afa53b
A privilege escalation technique can be used to gain SYSTEM level access while using the Mailtraq administration console. Mailtraq Version 2.6.1.1677 is vulnerable.
754a99a37c23e5ce9586839e1dbef857f90469878efeac14f8dd013ad62fd9e5
A buffer overflow exists in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions. Demonstration exploit included.
1b44dbca0b215e58195b7ccab58ff39ef302fbcfb6e5a9242f59b5d2f444e7c9