exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files from Heyder Andrade

Email addressheyder at alligatorteam.org
First Active2011-08-21
Last Active2024-09-01
Apache Tomcat User Enumeration
Posted Sep 1, 2024
Authored by Leandro Oliveira, Heyder Andrade | Site metasploit.com

This Metasploit module enumerates Apache Tomcats usernames via malformed requests to j_security_check, which can be found in the web administration package. It should work against Tomcat servers 4.1.0 - 4.1.39, 5.5.0 - 5.5.27, and 6.0.0 - 6.0.18. Newer versions no longer have the "admin" package by default. The admin package is no longer provided for Tomcat 6 and later versions.

tags | exploit, web
advisories | CVE-2009-0580
SHA-256 | ddc9c4c9f598773b8e0921e7125f71bd3f5c7f1793c0f1c17a1adfd1577b0e43
Apache Mod_userdir User Enumeration
Posted Sep 1, 2024
Authored by Heyder Andrade | Site metasploit.com

Apache with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the.

tags | exploit, remote
advisories | CVE-2001-1013
SHA-256 | d25e9a67049055f81042dd2292f1622716d32f4d233ae7066e8e8047391634a4
SMTP User Enumeration Utility
Posted Sep 1, 2024
Authored by Heyder Andrade, nebulus | Site metasploit.com

The SMTP service has two internal commands that allow the enumeration of users: VRFY (confirming the names of valid users) and EXPN (which reveals the actual address of users aliases and lists of e-mail (mailing lists)). Through the implementation of these SMTP commands can reveal a list of valid users.

tags | exploit
advisories | CVE-1999-0531
SHA-256 | 3a076e1802bf0287cf31ba73080df8903791e03d6e20085d5549687768f3b726
Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service
Posted Aug 31, 2024
Authored by Leandro Oliveira, Heyder Andrade | Site metasploit.com

The vulnerability allows remote unauthenticated attackers to force the IIS server to become unresponsive until the IIS service is restarted manually by the administrator. Required is that Active Server Pages are hosted by the IIS and that an ASP script reads out a Post Form value.

tags | exploit, remote, asp
advisories | CVE-2010-1899
SHA-256 | 9edbe875f33f8abbbd70b40b78b0b3ee2f256cdbfd08ccf58b9ba2cabbd67558
Splunk edit_user Capability Privilege Escalation
Posted Oct 27, 2023
Authored by Heyder Andrade, RedWay Security, Santiago Lopez | Site metasploit.com

Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, which prevents this scenario from happening. This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving remote code execution.

tags | exploit, remote, web, code execution
advisories | CVE-2023-32707
SHA-256 | 7181dfaec2f1f7eb973d6e9ba2bc3a477b83011115b041d9cb0b9ad5e441fc41
GitLab GitHub Repo Import Deserialization Remote Code Execution
Posted Feb 15, 2023
Authored by Heyder Andrade, William Bowling, RedWay Security | Site metasploit.com

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when trying to load a user session, resulting in remote code execution.

tags | exploit, remote, code execution, protocol
advisories | CVE-2022-2992
SHA-256 | 01b86153e9b59cbce82f32a07b24098f2267f0bddf0bec3fcf3243c9d0b7d820
Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass
Posted Oct 19, 2022
Authored by Heyder Andrade, Zach Hanley | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to login to the system with the chosen account. Successful exploitation results in remote code execution.

tags | exploit, remote, code execution, bypass
advisories | CVE-2022-40684
SHA-256 | 818eeb4d404c8cde2ab69451948a6037ca08bef60e2be65eb6fe9ed9d7ef0e7d
JBOSS EAP/AS 6.x Remote Code Execution
Posted Jul 12, 2022
Authored by Heyder Andrade, Marcio Almeida, Joao Matos | Site metasploit.com

An unauthenticated attacker with network access to the JBOSS EAP/AS versions 6.x and below Remoting Unified Invoker interface can send a serialized object to the interface to execute code on vulnerable hosts.

tags | exploit
SHA-256 | 4bfb5f55643ee08ae8c9999d9fa55d6d1af99c180f30e402f0089770ca5d6712
F5 BIG-IP iControl Remote Code Execution
Posted May 12, 2022
Authored by Alt3kx, Ron Bowes, Heyder Andrade, James Horseman | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, root, code execution, bash, bypass
advisories | CVE-2022-1388
SHA-256 | bb3a5bef34f53053f0da7eec9cad038bc4f47a0997b2e9cd601a17a1f034a0ad
Apache APISIX Remote Code Execution
Posted Mar 7, 2022
Authored by Heyder Andrade, YuanSheng Wang | Site metasploit.com

Apache APISIX has a default, built-in API token that can be used to obtain full access of the admin API. Access to this API allows for remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass th e IP restriction plugin.

tags | exploit, remote, code execution
advisories | CVE-2020-13945, CVE-2022-24112
SHA-256 | 75f7fd4db82a985948b400b9686ffc05f654d453b228621992abd5bb2505add2
Ignition Remote Code Execution
Posted Feb 16, 2022
Authored by Heyder Andrade, ambionics | Site metasploit.com

Ignition versions prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

tags | exploit, remote, arbitrary
advisories | CVE-2021-3129
SHA-256 | 1a428973d57b49630c03761c229ad5f2989539e00fde683c743407e8d561d597
Google Chrome 21.0.1180.57 NULL Pointer
Posted Mar 14, 2013
Authored by Heyder Andrade

Google Chrome versions 21.0.1180.57 and below suffer from a NULL pointer vulnerability in InspectDataSource::StartDataRequest.

tags | exploit
SHA-256 | 922f2c1e74a32dc38ee0d67c6334a31517da282683a2f06192b0fea1c6e5da62
Polycom Web Management Interface Command Injection
Posted Mar 5, 2012
Authored by Heyder Andrade, Joao Paulo Caldas Campello | Site tempest.com.br

The Polycom web management interface on model G3/HDX 8000 HD suffers from a remote command injection vulnerability.

tags | exploit, remote, web
SHA-256 | edd85665d7b90ac56ede22daa681765beb0fda23fc185dbf676283c9186e6397
Polycom Web Management Interface Directory Traversal
Posted Mar 5, 2012
Authored by Heyder Andrade, Joao Paulo Caldas Campello | Site tempest.com.br

The Polycom web management interface on model G3/HDX 8000 HD suffers from a directory traversal vulnerability.

tags | exploit, web
SHA-256 | 318900245c518a8794796a8f52d7da21d13c57f032476a863283f40f224062c0
WordPress Block-Spam-By-Math-Reloaded Plugin Bypass
Posted Aug 21, 2011
Authored by Tiago Ferreira, Heyder Andrade | Site metasploit.com

WordPress authentication brute force and user enumeration utility for Metasploit.

tags | exploit
advisories | CVE-2009-2335, OSVDB-55713
SHA-256 | 53dfbc1d57cd5b6f8db8a14f4805dbb9ee5be66043bb48948f6bbf77a879d57d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close