Section: .. / 0911-exploits /

Page 10 of 18
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 >> Files 225 - 250 of 449

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	ms02_039_slammer.rb.txt
Description:	This is an exploit for the SQL Server 2000 resolution service buffer overflow. This overflow is triggered by sending a udp packet to port 1434 which starts with 0x04 and is followed by long string terminating with a colon and a number. This Metasploit module should work against any vulnerable SQL Server 2000 or MSDE install (pre-SP3).
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	2659
Related OSVDB(s):	4578
Related CVE(s):	CVE-2002-0649
Last Modified:	Oct 30 17:02:23 2009
MD5 Checksum:	aefc402bff82ed6effa9174fe4f05a77

/// File Name:	ms02_056_hello.rb.txt
Description:	By sending malformed data to TCP port 1433, an unauthenticated remote attacker could overflow a buffer and possibly execute code on the server with SYSTEM level privileges. This Metasploit module should work against any vulnerable SQL Server 2000 or MSDE install (< SP3).
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	2415
Related OSVDB(s):	10132
Related CVE(s):	CVE-2002-1123
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	b978975bb39bf702fd179843c0ed10c2

/// File Name:	ms03_007_ntdll_webdav.rb.txt
Description:	This exploits a buffer overflow in NTDLL.dll on Windows 2000 through the SEARCH WebDAV method in IIS. This particular module only works against Windows 2000. It should have a reasonable chance of success against any service pack.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4615
Related OSVDB(s):	4467
Related CVE(s):	CVE-2003-0109
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	fac9caf7a3035465d5d3c93b68184afc

/// File Name:	ms03_020_ie_objecttype.rb.txt
Description:	This Metasploit module exploits a vulnerability in Internet Explorer's handling of the OBJECT type attribute.
Author:	skape
Homepage:	http://www.metasploit.com
File Size:	3142
Related OSVDB(s):	2967
Related CVE(s):	CVE-2003-0344
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	d53d57fe5e180d621413bb31c7b3f342

/// File Name:	ms03_026_dcom.rb.txt
Description:	This Metasploit module exploits a stack overflow in the RPCSS service, this vulnerability was originally found by the Last Stage of Delirium research group and has bee widely exploited ever since. This Metasploit module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)
Author:	H D Moore,cazz,spoonm
Homepage:	http://www.metasploit.com
File Size:	6662
Related OSVDB(s):	2100
Related CVE(s):	CVE-2003-0352
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	0e8c891f65d0c275b901a86b6cebc95d

/// File Name:	ms03_049_netapi.rb.txt
Description:	This Metasploit module exploits a stack overflow in the NetApi32 NetAddAlternateComputerName function using the Workstation service in Windows XP.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	2803
Related OSVDB(s):	11461
Related CVE(s):	CVE-2003-0812
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	ea4f686fb538ac66a66f102c872d636a

/// File Name:	ms04_007_killbill.rb.txt
Description:	This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. You are only allowed one attempt with this vulnerability. If the payload fails to execute, the LSASS system service will crash and the target system will automatically reboot itself in 60 seconds. If the payload succeeeds, the system will no longer be able to process authentication requests, denying all attempts to login through SMB or at the console. A reboot is required to restore proper functioning of an exploited system. This exploit has been successfully tested with the win32/*/reverse_tcp payloads, however a few problems were encounted when using the equivalent bind payloads. Your mileage may vary.
Author:	Solar Eclipse
Homepage:	http://www.metasploit.com
File Size:	7825
Related OSVDB(s):	3902
Related CVE(s):	CVE-2003-0818
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	4e417beb7a5d0d2ab86d8e944de79bf6

/// File Name:	ms04_011_lsass.rb.txt
Description:	This Metasploit module exploits a stack overflow in the LSASS service, this vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need need to run this module twice. DCERPC request fragmentation can be performed by setting 'FragSize' parameter.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4548
Related OSVDB(s):	5248
Related CVE(s):	CVE-2003-0533
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	70709884db691b00a5f83e02c46451e1

/// File Name:	ms04_011_pct.rb.txt
Description:	This Metasploit module exploits a buffer overflow in the Microsoft Windows SSL PCT protocol stack. This code is based on Johnny Cyberpunk's THC release and has been tested against Windows 2000 and Windows XP. To use this module, specify the remote port of any SSL service, or the port and protocol of an application that uses SSL. The only application protocol supported at this time is SMTP. You only have one chance to select the correct target, if you are attacking IIS, you may want to try one of the other exploits first (WebDAV). If WebDAV does not work, this more than likely means that this is either Windows 2000 SP4+ or Windows XP (IIS 5.0 vs IIS 5.1). Using the wrong target may not result in an immediate crash of the remote system.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4224
Related OSVDB(s):	5250
Related CVE(s):	CVE-2003-0719
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	eb7d6cb9c2d3c0098ad3e22f55fe4c52

/// File Name:	ms04_031_netdde.rb.txt
Description:	This Metasploit module exploits a stack overflow in the NetDDE service, which is the precursor to the DCOM interface. This exploit effects only operating systems released prior to Windows XP SP1 (2000 SP4, XP SP0). Despite Microsoft's claim that this vulnerability can be exploited without authentication, the NDDEAPI pipe is only accessible after successful authentication.
Author:	Pusscat
Homepage:	http://www.metasploit.com
File Size:	2561
Related OSVDB(s):	10689
Related CVE(s):	CVE-2004-0206
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	9b025b23453841c969d4b4cbc72b769c

/// File Name:	ms04_045_wins.rb.txt
Description:	This Metasploit module exploits a arbitrary memory write flaw in the WINS service. This exploit has been tested against Windows 2000 only.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	5114
Related OSVDB(s):	12378
Related CVE(s):	CVE-2004-1080
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	79e4ef46355d20b3f60db428e6bbcefe

/// File Name:	ms05_017_msmq.rb.txt
Description:	This Metasploit module exploits a stack overflow in the RPC interface to the Microsoft Message Queueing service. The offset to the return address changes based on the length of the system hostname, so this must be provided via the 'HNAME' option. Much thanks to snort.org and Jean-Baptiste Marchand's excellent MSRPC website.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4434
Related OSVDB(s):	15458
Related CVE(s):	CVE-2005-0059
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	17069e45c5e565921dbd828c75bdb9d0

/// File Name:	ms05_030_nntp.rb.txt
Description:	This Metasploit module exploits a stack overflow in the news reader of Microsoft Outlook Express.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	2165
Related OSVDB(s):	17306
Related CVE(s):	CVE-2005-1213
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	d78648a4b2fd5ee831fe64a092f3c34f

/// File Name:	ms05_039_pnp.rb.txt
Description:	This Metasploit module exploits a stack overflow in the Windows Plug and Play service. This vulnerability can be exploited on Windows 2000 without a valid user account. Since the PnP service runs inside the service.exe process, a failed exploit attempt will cause the system to automatically reboot.
Author:	H D Moore,cazz
Homepage:	http://www.metasploit.com
File Size:	5494
Related OSVDB(s):	18605
Related CVE(s):	CVE-2005-1983
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	f770e4061d7f00b95aae877d9361d78d

/// File Name:	ms06_001_wmf_setabortproc.rb.txt
Description:	This Metasploit module exploits a vulnerability in the GDI library included with Windows XP and 2003. This vulnerability uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This Metasploit module generates a random WMF record stream for each request.
Author:	H D Moore,O600KO78RUS,san
Homepage:	http://www.metasploit.com
File Size:	4759
Related OSVDB(s):	21987
Related CVE(s):	CVE-2005-4560
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	003e9bbed43629f932698d7a8fd4ac62

/// File Name:	ms06_013_createtextrange.rb.txt
Description:	This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer. Both IE6 and IE7 (Beta 2) are vulnerable. It will corrupt memory in a way, which, under certain circumstances, can lead to an invalid/corrupt table pointer dereference. EIP will point to a very remote, non-existent memory location. This Metasploit module is the result of merging three different exploit submissions and has only been reliably tested against Windows XP SP2. This vulnerability was independently discovered by multiple parties. The heap spray method used by this exploit was pioneered by Skylined.
Author:	Darkeagle,Faithless,H D Moore,justfriends4n0w
Homepage:	http://www.metasploit.com
File Size:	5413
Related OSVDB(s):	24050
Related CVE(s):	CVE-2006-1359
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	220be404cd291d992369fff0dad37322

/// File Name:	ms06_025_rasmans_reg.rb.txt
Description:	This Metasploit module exploits a registry-based stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'. Exploiting this flaw involves two distinct steps - creating the registry key and then triggering an overwrite based on a read of this key. Once the key is created, it cannot be recreated. This means that for any given system, you only get one chance to exploit this flaw. Picking the wrong target will require a manual removal of the following registry key before you can try again: HKEY_USERS\\\\.DEFAULT\\\\Software\\\\Microsoft\\\\RAS Phonebook
Author:	H D Moore,Pusscat
Homepage:	http://www.metasploit.com
File Size:	5884
Related OSVDB(s):	26437
Related CVE(s):	CVE-2006-2370
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	e3878c4e99491b1e90737445afd1a5bd

/// File Name:	ms06_025_rras.rb.txt
Description:	This Metasploit module exploits a stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on Windows 2000.
Author:	H D Moore,Nicolas Pouvesle
Homepage:	http://www.metasploit.com
File Size:	3181
Related OSVDB(s):	26437
Related CVE(s):	CVE-2006-2370
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	3f6a2755ca9f5a1b98bfc7d24b10a14f

/// File Name:	ms06_040_netapi.rb.txt
Description:	This Metasploit module exploits a stack overflow in the NetApi32 CanonicalizePathName() function using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that other RPC calls could be used to exploit this service. This exploit will result in a denial of service on on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt will likely result in a complete reboot on Windows 2000 and the termination of all SMB-related services on Windows XP. The default target for this exploit should succeed on Windows NT 4.0, Windows 2000 SP0-SP4+, Windows XP SP0-SP1 and Windows 2003 SP0.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	8354
Related OSVDB(s):	27845
Related CVE(s):	CVE-2006-3439
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	09ce9abfa6366a47d09be140af9affef

/// File Name:	ms06_055_vml_method.rb.txt
Description:	This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code (VGX.dll). This Metasploit module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.
Author:	Aviv Raff,H D Moore,M Shirk,Mr.Niega,Trirat Puttaraksa
Homepage:	http://www.metasploit.com
File Size:	3885
Related OSVDB(s):	28946
Related CVE(s):	CVE-2006-4868
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	715a26e332ef319bc61f812179780008

/// File Name:	ms06_057_webview_setslice.rb.txt
Description:	This Metasploit module exploits a flaw in the WebViewFolderIcon ActiveX control included with Windows 2000, Windows XP, and Windows 2003. This flaw was published during the Month of Browser Bugs project (MoBB #18).
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	3386
Related OSVDB(s):	27110
Related CVE(s):	CVE-2006-3730
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	6fe379a656f13db355bff8418fdf7e3c

/// File Name:	ms06_066_nwapi.rb.txt
Description:	This Metasploit module exploits the vulnerability in nwapi32.dll as described in MS06-066.
Author:	Pusscat
Homepage:	http://www.metasploit.com
File Size:	3738
Related OSVDB(s):	30260
Related CVE(s):	CVE-2006-4688
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	e46d8b56030dcc17c1389e3fec046cd6

/// File Name:	ms06_066_nwwks.rb.txt
Description:	This Metasploit module exploits a stack overflow in the svchost service, when the netware client service is running.
Author:	Pusscat
Homepage:	http://www.metasploit.com
File Size:	3519
Related OSVDB(s):	30260
Related CVE(s):	CVE-2006-4688
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	845947a57fc90dc8289d163427c11077

/// File Name:	ms06_067_keyframe.rb.txt
Description:	This Metasploit module exploits a heap overflow vulnerability in the KeyFrame method of the direct animation ActiveX control. This is a port of the exploit implemented by Alexander Sotirov.
Author:	Alexander Sotirov,skape
Homepage:	http://www.metasploit.com
File Size:	3533
Related OSVDB(s):	28842
Related CVE(s):	CVE-2006-4777
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	f311c947bb718b5b83a20f17370dd051

/// File Name:	ms06_071_xml_core.rb.txt
Description:	This Metasploit module exploits a code execution vulnerability in Microsoft XML Core Services which exists in the XMLHTTP ActiveX control. This Metasploit module is the modified version of http://www.milw0rm.com/exploits/2743 - credit to str0ke. This Metasploit module has been successfully tested on Windows 2000 SP4, Windows XP SP2, Windows 2003 Server SP0 with IE6 + Microsoft XML Core Services 4.0 SP2.
Author:	Trirat Puttaraksa
Homepage:	http://www.metasploit.com
File Size:	4383
Related OSVDB(s):	29425
Related CVE(s):	CVE-2006-5745
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	31b6f63c7a236c87738c0eae9ae220de