exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

Files from Horizon3 Attack Team

First Active2023-04-25
Last Active2024-09-13
Ivanti EPM Remote Code Execution
Posted Sep 13, 2024
Authored by James Horseman, Horizon3 Attack Team | Site github.com

Proof of concept remote code execution exploit for Ivanti EPM versions prior to 2022 SU6 or the 2024 September update.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2024-29847
SHA-256 | aae283a6cefb5b56bdc7a70bc3a56e323ee785291fa82aaf40d1ff35d8e2d1e0
Download | Favorite | View
GoAnywhere MFT Authentication Bypass
Posted Jan 24, 2024
Authored by James Horseman, Zach Hanley, Horizon3 Attack Team | Site github.com

GoAnywhere MFT authentication bypass proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2024-0204
SHA-256 | cc18afe3ce13ec7ab1ac673b6370a4830af2b4f40a635675ad5b2e4d8c6adfca
Download | Favorite | View
MOVEit Transfer SQL Injection / Remote Code Execution
Posted Jun 13, 2023
Authored by Horizon3 Attack Team | Site github.com

This proof of concept abuses an SQL injection vulnerability in MOVEit to obtain a sysadmin API access token and then use that access to abuse a deserialization call to obtain remote code execution. This proof of concept needs to reach out to an Identity Provider endpoint which hosts proper RS256 certificates used to forge arbitrary user tokens - by default this POC uses horizon3ai's IDP endpoint hosted in AWS. By default, the exploit will write a file to C:\Windows\Temp\message.txt. Alternative payloads can be generated by using the ysoserial.net project.

tags | exploit, remote, arbitrary, code execution, sql injection, proof of concept
systems | windows
advisories | CVE-2023-34362
SHA-256 | 891c1c3067e64d2916aec314b0195ba65fbc31db8570faee1f1fc3f6b4a366d9
Download | Favorite | View
PaperCut MF/NG Authentication Bypass / Remote Code Execution
Posted Apr 25, 2023
Authored by James Horseman, Zach Hanley, Horizon3 Attack Team | Site github.com

PaperCut MF/NG proof of concept exploit that uses an authentication bypass vulnerability chained with abuse of built-in scripting functionality to execute code.

tags | exploit, proof of concept, bypass
advisories | CVE-2023-27350
SHA-256 | e01888c501e68b969faf6f9f0762260b9738e28e6c41609aee12cd8f6079824b
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close