exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files from Chris Moberly

Email addresschris at mailchris.com
First Active2018-04-26
Last Active2019-05-30
Serv-U FTP Server 15.1.6.25 Local Privilege Escalation
Posted May 30, 2019
Authored by Chris Moberly

Serv-U FTP Server version 15.1.6.25 suffers from a local privilege escalation vulnerability via authentication bypass.

tags | exploit, local
advisories | CVE-2018-19999
SHA-256 | 9520e5100bd633aacd33186e92020821a17ae8024fc9d8d2d19c57caa1bceb16
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the sandbox and may include an "install hook" that is run in the context of root at install time. dirty_sockv2 leverages the vulnerability to install an empty "devmode" snap including a hook that adds a new user to the local system. This user will have permissions to execute sudo commands. As opposed to version one, this does not require the SSH service to be running. It will also work on newer versions of Ubuntu with no Internet connection at all, making it resilient to changes and effective in restricted environments. This exploit should also be effective on non-Ubuntu systems that have installed snapd but that do not support the "create-user" API due to incompatible Linux shell syntax. Some older Ubuntu systems (like 16.04) may not have the snapd components installed that are required for sideloading. If this is the case, this version of the exploit may trigger it to install those dependencies. During that installation, snapd may upgrade itself to a non-vulnerable version. Testing shows that the exploit is still successful in this scenario. This is the second of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, arbitrary, shell, local, root, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
SHA-256 | 09f311cd0808169606fe8f6d82efa2f6d9976ca93655f776e6a68b99bcab8228
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a provided email address, and then creates a local user based on these value. Successful exploitation for this version requires an outbound Internet connection and an SSH service accessible via localhost. This is one of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, local, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
SHA-256 | 1d020fdf71d65c1855e5e714df0baf4d63b98521c65f6d1cbc13110479244d5a
SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting
Posted Feb 2, 2019
Authored by Chris Moberly

SolarWinds Serv-U FTP version 15.1.6.25 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-19934
SHA-256 | cab43f09ea114ddd73225f371eaa5942ccc5ccab83144e828b4c6ecb2a3988f2
SolarWinds Serv-U FTP 15.1.6 Privilege Escalation
Posted Feb 2, 2019
Authored by Chris Moberly

SolarWinds Serv-U FTP Server version 15.1.6 is vulnerable to privilege escalation from remote authenticated users by leveraging the CSV user import function. This leads to obtaining remote code execution under the context of the Windows SYSTEM account in a default installation.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2018-15906
SHA-256 | b8d74d5140736265d1823436e97fb1070add29afc06762c47315c0b4594f0455
Plex Media Server 1.13.2.5154 SSDP Processing XML Injection
Posted Aug 3, 2018
Authored by Chris Moberly

Plex Media Server version 1.13.2.5154 suffers from an XML external entity injection vulnerability in SSDP processing.

tags | exploit
advisories | CVE-2018-13415
SHA-256 | fd05bc119cc94dd07f1758633b919f61a810dd3733ec673cd4b05bbf8c8ddbd5
Vuze Bittorrent Client 5.7.6.0 SSDP Processing XML Injection
Posted Aug 3, 2018
Authored by Chris Moberly

Vuze Bittorrent Client version 5.7.6.0 suffers from an XML external entity injection vulnerability in SSDP processing.

tags | exploit
advisories | CVE-2018-13417
SHA-256 | 686d443dca7f3303ff849b5fac86fadc56950d932e1bf58ccef6da24a4dbd00b
Universal Media Server 7.1.0 XML Injection
Posted Aug 1, 2018
Authored by Chris Moberly

Universal Media Server version 7.1.0 suffers from an XML external entity injection vulnerability in SSDP processing.

tags | exploit
advisories | CVE-2018-13416
SHA-256 | 6c37f538c3799e0537e2b25bcf9ad1006bdcc07b9913e98d2700d77f45c34328
Sitecore.NET 8.1 Directory Traversal
Posted Apr 26, 2018
Authored by Chris Moberly

Sitecore.NET version 8.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-7669
SHA-256 | e4a706da6b29b62366f1ed365cb9f34fa7a8c59a749e0d003d626c959eb95de6
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close