Security Research has released an exploit, written for the Metasploit framework, for the benefit of the penetration testing community. The exploit was converted to the Metasploit framework and verified. We have also verified two other existing exploits.

Exploits

TFTP Server version 1.4 exploit for Metasploit framework (newly converted/fix already available)

The TFTP Server v1.4 RRQ buffer overflow module sends a Read Request (RRQ) packet that triggers a buffer overflow on the victim system. After the overflow, the server tries to reset the buffer; once the buffer has been reset, the stack pointer points to the location we want. More details of the exploit can be viewed here. The exploit has been accepted by Packet Storm and you can get it from <here> as well.

Target system: Windows xp sp3 with TFTP server v1.4 installed.

Payload limit: 500 bytes.

Proof of concept by: b33f

Get Exploit
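As an added defensive example (not part of the original post or of the exploit), the following parser checks TFTP Read Request packets for the malformed shape described above, the way a hardened server or an IDS rule would: it requires both NUL terminators, a known transfer mode, and a bounded filename length. The 255-byte filename bound is an assumed detection threshold, not a value taken from TFTP Server 1.4.

```python
"""Added example: strict TFTP RRQ (RFC 1350) parsing with a length bound.
MAX_FILENAME is an assumed threshold, not a value from the vulnerable server."""
import struct

OP_RRQ = 1
MAX_FILENAME = 255                      # assumed threshold; tune per deployment
VALID_MODES = {b"netascii", b"octet", b"mail"}


def parse_rrq(packet: bytes) -> dict:
    """Return {'ok', 'reason', 'filename', 'mode'} for one UDP payload.

    ok=False is a detection hit: the packet is not a well-formed,
    length-bounded RRQ as a bounds-checking server would require."""
    if len(packet) < 4:
        return {"ok": False, "reason": "short packet", "filename": b"", "mode": b""}
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode != OP_RRQ:
        return {"ok": False, "reason": f"opcode {opcode} is not RRQ",
                "filename": b"", "mode": b""}
    # RRQ body is <filename>\0<mode>\0 ; both terminators must be present and
    # nothing may follow (RFC 2347 option extensions are rejected for strictness).
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or fields[2] != b"":
        return {"ok": False, "reason": "missing NUL terminator",
                "filename": b"", "mode": b""}
    filename, mode = fields[0], fields[1]
    if len(filename) > MAX_FILENAME:
        return {"ok": False,
                "reason": f"filename {len(filename)} bytes exceeds {MAX_FILENAME}",
                "filename": filename, "mode": mode}
    if mode.lower() not in VALID_MODES:
        return {"ok": False, "reason": "unknown transfer mode",
                "filename": filename, "mode": mode}
    return {"ok": True, "reason": "", "filename": filename, "mode": mode}


def build_rrq(filename: bytes, mode: bytes = b"octet") -> bytes:
    """Assemble an RRQ so the checker can be exercised offline (constructed input)."""
    return struct.pack("!H", OP_RRQ) + filename + b"\x00" + mode + b"\x00"


if __name__ == "__main__":
    # Constructed samples: a normal request and one with an oversized filename.
    for pkt in (build_rrq(b"boot.cfg"), build_rrq(b"A" * 600)):
        result = parse_rrq(pkt)
        print(result["ok"], result["reason"])
```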


Sysax SSH username buffer overflow (verified existing exploit/fix already available)

This module exploits a vulnerability found in Sysax's SSH service. When a long username is supplied, the SSH server copies that data onto the stack without proper bounds checking, allowing remote code execution in the context of the user running the service. (Note that versions before 5.53 are also affected by this bug.)

Target System: Windows XP SP3 / Windows 2003 SP0 running Sysax SSH server version 5.53 or below.

Authors: Craig Freyman, sinn3r

View source code 


Mozilla Firefox Add-on attack (verified existing exploit/fix already available)

This exploit dynamically creates an .xpi add-on file. The resulting Firefox add-on is presented to the victim via a web page. The victim's Firefox browser pops up a dialog asking whether they trust the add-on. Once the user clicks "install", the add-on is installed and executes the payload with the full permissions of the user running Firefox. More details about the attack are here.

Target System: all Windows platforms running Mozilla Firefox.

Authors: mihi

View source code

Video guide for automation

Video guide for exploits

