what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 2,465 RSS Feed

TCP Files

GNUnet P2P Framework 0.22.2
Posted Oct 30, 2024
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: GNUNET_STRINGS_get_utf8_args removed. Removed unsafe and unused functions for 2d/3d array allocation.
tags | tool, web, udp, tcp, peer2peer
SHA-256 | 8ece6bb986dd18f3e641edf7d48023a4ffc43831747a22991ddfa43bf16b2d83
GNUnet P2P Framework 0.22.1
Posted Oct 16, 2024
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: Various updates. See their git changelog for a full breakdown.
tags | tool, web, udp, tcp, peer2peer
SHA-256 | 922c54b2b890d2b9411512a3dc22dca353193dc6ea173d0dda6cb6ee9ff825bc
Samhain File Integrity Checker 4.5.1
Posted Sep 8, 2024
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Added a fix for regression in SHELL option for log file monitoring.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 72c61517da00f6dbcb9097885932c15a69cf8f6f9225756cf257aeaac1159c7b
Novell ZENworks Configuration Management Preboot Service Remote File Access
Posted Sep 1, 2024
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted PROXY_CMD_FTP_FILE (opcode 0x21) packet to the 998/TCP port. This Metasploit module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and SP3 over Windows.

tags | exploit, tcp
systems | windows
advisories | CVE-2012-2215
SHA-256 | c8558ecefbfe751f2fc66900fb57a9cf3f672074e3a5a9c539be4d79127c10fb
Ray Sharp DVR Password Retriever
Posted Sep 1, 2024
Authored by H D Moore, someluser | Site metasploit.com

This Metasploit module takes advantage of a protocol design issue with the Ray Sharp based DVR systems. It is possible to retrieve the username and password through the TCP service running on port 9000. Other brands using this platform and exposing the same issue may include Swann, Lorex, Night Owl, Zmodo, URMET, and KGuard Security.

tags | exploit, tcp, protocol
SHA-256 | 8805abb547ee0c40d40a8ab15abce346a4a37b8f5ae7b7a9eeac09aa9f1a2cf4
EasyCafe Server Remote File Access
Posted Sep 1, 2024
Authored by Brendan Coles, R-73eN | Site metasploit.com

This Metasploit module exploits a file retrieval vulnerability in EasyCafe Server. The vulnerability can be triggered by sending a specially crafted packet (opcode 0x43) to the 831/TCP port. This Metasploit module has been successfully tested on EasyCafe Server version 2.2.14 (Trial mode and Demo mode) on Windows XP SP3 and Windows 7 SP1. Note that the server will throw a popup messagebox if the specified file does not exist.

tags | exploit, tcp
systems | windows, xp, 7
SHA-256 | 33d40a2aa040357554a8308847a479cb0f61d14ed8afe5d9bd0a74c18bb67185
SurgeNews User Credentials
Posted Sep 1, 2024
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory; including the user database, configuration files and log files. This Metasploit module extracts the administrator username and password, and the usernames and passwords or password hashes for all users. This Metasploit module has been tested successfully on SurgeNews version 2.0a-13 on Windows 7 SP 1 and 2.0a-12 on Ubuntu Linux.

tags | exploit, web, arbitrary, root, tcp
systems | linux, windows, ubuntu, 7
SHA-256 | 73764b44f63d2549636f9a072cfc6159cd3fc1782b3972e02ed0b63dd113c7dc
Titan FTP Administrative Password Disclosure
Posted Sep 1, 2024
Authored by Spencer McIntyre | Site metasploit.com

On Titan FTP servers prior to version 9.14.1628, an attacker can retrieve the username and password for the administrative XML-RPC interface, which listens on TCP Port 31001 by default, by sending an XML request containing bogus authentication information. After sending this request, the server responds with the legitimate username and password for the service. With this information, an attacker has complete control over the FTP service, which includes the ability to add and remove FTP users, as well as add, remove, and modify available directories and their permissions.

tags | exploit, tcp
advisories | CVE-2013-1625
SHA-256 | 9cb2dd621b853f0bf65b0c7e2b181281dd3360e122513e310b6ac58b7354eb61
TCP SYN Port Scanner
Posted Sep 1, 2024
Authored by Kris Katterjohn | Site metasploit.com

Enumerate open TCP services using a raw SYN scan.

tags | exploit, tcp
SHA-256 | 14ea35b0026142850f8db65ecd2b7e60368fa5164e89ff0b57e95fdff4677928
FTP Bounce Port Scanner
Posted Sep 1, 2024
Authored by Kris Katterjohn | Site metasploit.com

Enumerate TCP services via the FTP bounce PORT/LIST method.

tags | exploit, tcp
SHA-256 | c4a12bd7e84df326bb8f7d95d1ef9ba9d1f95844094f776776f5f8dc4fbcc705
Sielco Sistemi Winlog Remote File Access
Posted Aug 31, 2024
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal in Sielco Sistemi Winlog. The vulnerability exists in the Runtime.exe service and can be triggered by sending a specially crafted packet to the 46824/TCP port. This Metasploit module has been successfully tested on Sielco Sistemi Winlog Lite 2.07.14.

tags | exploit, tcp
advisories | CVE-2012-4356
SHA-256 | b86031eb554a91e334141d55bf93e4dd76814f3ae6c789b063d6cd6424f4986a
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
Posted Aug 31, 2024
Authored by Pedro Ribeiro, Radek Domanski, gwillcox-r7 | Site metasploit.com

This Metasploit module targets ZDI-20-704 (aka CVE-2020-10924), a buffer overflow vulnerability in the UPNP daemon (/usr/sbin/upnpd), on Netgear R6700v3 routers running firmware versions from V1.0.2.62 up to but not including V1.0.4.94, to reset the password for the admin user back to its factory default of password. Authentication is bypassed by using ZDI-20-703 (aka CVE-2020-10923), an authentication bypass that occurs when network adjacent computers send SOAPAction UPnP messages to a vulnerable Netgear R6700v3 router. Currently this module only supports exploiting Netgear R6700v3 routers running either the V1.0.0.4.82_10.0.57 or V1.0.0.4.84_10.0.58 firmware, however support for other firmware versions may be added in the future. Once the password has been reset, attackers can use the exploit/linux/telnet/netgear_telnetenable module to send a special packet to port 23/udp of the router to enable a telnet server on port 23/tcp. The attacker can then log into this telnet server using the new password, and obtain a shell as the "root" user. These last two steps have to be done manually, as the authors did not reverse the communication with the web interface. It should be noted that successful exploitation will result in the upnpd binary crashing on the target router. As the upnpd binary will not restart until the router is rebooted, this means that attackers can only exploit this vulnerability once per reboot of the router. This vulnerability was discovered and exploited at Pwn2Own Tokyo 2019 by the Flashback team (Pedro Ribeiro + Radek Domanski).

tags | exploit, web, overflow, shell, root, udp, tcp
systems | linux
advisories | CVE-2020-10923, CVE-2020-10924
SHA-256 | 9761d8c2da4ee95f5c6b4cfd77d3759b606692ed519993f3da76a637e562671b
PhoenixContact PLC Remote START/STOP Command
Posted Aug 31, 2024
Authored by Photubias | Site metasploit.com

PhoenixContact Programmable Logic Controllers are built upon a variant of ProConOS. Communicating using a proprietary protocol over ports TCP/1962 and TCP/41100 or TCP/20547. It allows a remote user to read out the PLC Type, Firmware and Build number on port TCP/1962. And also to read out the CPU State (Running or Stopped) AND start or stop the CPU on port TCP/41100 (confirmed ILC 15x and 17x series) or on port TCP/20547 (confirmed ILC 39x series).

tags | exploit, remote, tcp, protocol
advisories | CVE-2014-9195
SHA-256 | 121da6ea0c1ed5792460a8fc75979c956e19cb91d2f862453bd1833c0c4711f2
WPAD.dat File Server
Posted Aug 31, 2024
Authored by Efrain Torres | Site metasploit.com

This Metasploit module generates a valid wpad.dat file for WPAD mitm attacks. Usually this module is used in combination with DNS attacks or the NetBIOS Name Service Spoofer module. Please remember as the server will be running by default on TCP port 80 you will need the required privileges to open that port.

tags | exploit, tcp
SHA-256 | dea84a22b01768d6a2d562778fdb7f6500af85950b2379daed227689d270ea29
CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module sends a query to the port 264/TCP on CheckPoint Firewall-1 firewalls to obtain the firewall name and management station (such as SmartCenter) name via a pre-authentication request. The string returned is the CheckPoint Internal CA CN for SmartCenter and the firewall host. Whilst considered "public" information, the majority of installations use detailed hostnames which may aid an attacker in focusing on compromising the SmartCenter host, or useful for government, intelligence and military networks where the hostname reveals the physical location and rack number of the device, which may be unintentionally published to the world.

tags | exploit, tcp
SHA-256 | e21f148c64b187b4a8afe6f2687291e9e175b380dc71d0ded5ab0a6fa2ec42a8
Apache ZooKeeper Information Disclosure
Posted Aug 31, 2024
Authored by Karn Ganeshen | Site metasploit.com

Apache ZooKeeper server service runs on TCP 2181 and by default, it is accessible without any authentication. This Metasploit module targets Apache ZooKeeper service instances to extract information about the system environment, and service statistics.

tags | exploit, tcp
SHA-256 | f9b240045784798cc72ff0698945798f2aa501f213900a5c9466f36f732cc260
Juniper JunOS Malformed TCP Option
Posted Aug 31, 2024
Authored by Tod Beardsley | Site metasploit.com

This Metasploit module exploits a denial of service vulnerability in Juniper Networks JunOS router operating system. By sending a TCP packet with TCP option 101 set, an attacker can cause an affected router to reboot.

tags | exploit, denial of service, tcp
systems | juniper
SHA-256 | 08cdfbd242df275e59eddfc4bc6b02c08584e7f50c6f6577a3ecd7ea5c272711
TCP SYN Flooder
Posted Aug 31, 2024
Authored by Kris Katterjohn | Site metasploit.com

A simple TCP SYN flooder.

tags | exploit, tcp
SHA-256 | 3ace287aab3da5a9b492f7d64244be039a5f455079c90681e26f7397741ff12c
Apache mod_isapi Dangling Pointer
Posted Aug 31, 2024
Authored by Brett Gervasoni, jduck | Site metasploit.com

This Metasploit module triggers a use-after-free vulnerability in the Apache Software Foundation mod_isapi extension for versions 2.2.14 and earlier. In order to reach the vulnerable code, the target server must have an ISAPI module installed and configured. By making a request that terminates abnormally (either an aborted TCP connection or an unsatisfied chunked request), mod_isapi will unload the ISAPI extension. Later, if another request comes for that ISAPI module, previously obtained pointers will be used resulting in an access violation or potentially arbitrary code execution. Although arbitrary code execution is theoretically possible, a real-world method of invoking this consequence has not been proven. In order to do so, one would need to find a situation where a particular ISAPI module loads at an image base address that can be re-allocated by a remote attacker. Limited success was encountered using two separate ISAPI modules. In this scenario, a second ISAPI module was loaded into the same memory area as the previously unloaded module.

tags | exploit, remote, arbitrary, tcp, code execution
advisories | CVE-2010-0425
SHA-256 | e04d3b9c9de28cf065800495f9d457177003f542be9c1a8e7109f19ae6fb7ca1
7-Technologies IGSS 9 IGSSdataServer.exe Denial Of Service
Posted Aug 31, 2024
Authored by jfa | Site metasploit.com

The 7-Technologies SCADA IGSS Data Server (IGSSdataServer.exe) versions 9.0.0.10306 and below can be brought down by sending a crafted TCP packet to port 12401.

tags | exploit, tcp
advisories | CVE-2011-4050
SHA-256 | e6cfee02aa9314fcc28746ee6fe6c5a89ca530a6f75e6ee5d8766a45a34e95d8
GNUnet P2P Framework 0.22.0
Posted Aug 30, 2024
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: New logging API to print/parse hex bytes. Added RFC9180 HPKE and associated KEMs. Replaced oneshot PKE and KEM APIs with HPKE. New Elligator KEM. Namestore API allows multiple records to be inserted in a single transaction. New ECDH API that uses KDFs instead of hash. Renamed GNUNET_CRYPTO_hkdf to GNUNET_CRYPTO_hkdf_gnunet. Added new standard SHA256-based HKDF APIs. New hostlist bootstrap domain.
tags | tool, web, udp, tcp, peer2peer
SHA-256 | 3263e6bd50751dadccfae19ff8c3d5cd91022890218bd95f0dd6aae993ea8926
DiCal-RED 4009 Information Disclosure
Posted Aug 23, 2024
Authored by Sebastian Hamann | Site syss.de

DiCal-RED version 4009 provides a network server on TCP port 2101. This service does not seem to process any input, but it regularly sends data to connected clients. This includes operation messages when they are processed by the device. An unauthenticated attacker can therefore gain information about current emergency situations and possibly also emergency vehicle positions or routes.

tags | exploit, tcp
advisories | CVE-2024-36441
SHA-256 | ab5d94c2a1f0e4d8bfcda084e05a40a114001865191d658dc9600e79c80e6702
DiCal-RED 4009 Missing Authentication
Posted Aug 23, 2024
Authored by Sebastian Hamann | Site syss.de

DiCal-RED version 4009 provides an FTP service on TCP port 21. This service allows anonymous access, i.e. logging in as the user "anonymous" with an arbitrary password. Anonymous users get read access to the whole file system of the device, including files that contain sensitive configuration information, such as /etc/deviceconfig. The respective process on the system runs as the system user "ftp". Therefore, a few files with restrictive permissions are not accessible via FTP.

tags | exploit, arbitrary, tcp
advisories | CVE-2024-36443
SHA-256 | 52bc52be64d4c2afda673bb45ef55a60f84844e255049be801b31a39b418fdfc
DiCal-RED 4009 Missing Authentication
Posted Aug 23, 2024
Authored by Sebastian Hamann | Site syss.de

DiCal-RED version 4009 provides a Telnet service on TCP port 23. This service grants access to an interactive shell as the system's root user and does not require authentication.

tags | exploit, shell, root, tcp
advisories | CVE-2024-36445
SHA-256 | a6385e494be7b4b70dba302642602595baa5c71833106dcef5c061db726846b5
Calibre 7.15.0 Python Code Injection
Posted Aug 8, 2024
Authored by Michael Heinzl, Amos Ng | Site metasploit.com

This Metasploit module exploits a Python code injection vulnerability in the Content Server component of Calibre version 6.9.0 through 7.15.0. Once enabled (disabled by default), it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does not require any authentication. The injected payload will get executed in the same context under which Calibre is being executed.

tags | exploit, tcp, python
advisories | CVE-2024-6782
SHA-256 | 2678fd269bdb79e8ada27f1f7870d0382cc42ef2fd75bd19a29cff06a2dd56c3
Page 1 of 99
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close