exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from Michael Schierl

Real NameMichael Schierl
Email addressprivate
Websiteschierlm.users.sourceforge.net
First Active2010-04-19
Last Active2022-01-12
View User Profile
Log4Shell HTTP Header Injection
Posted Jan 12, 2022
Authored by sinn3r, Michael Schierl, Spencer McIntyre, juan vazquez | Site metasploit.com

This Metasploit module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an HTTP server in addition to the LDAP server that the target can connect to. The targeted application must have the trusted code base option enabled for this technique to work. The non-Automatic targets deliver a payload via a serialized Java object. This does not require Metasploit to run an HTTP server and instead leverages the LDAP server to deliver the serialized object. The target application in this case must be compatible with the user-specified JAVA_GADGET_CHAIN option.

tags | exploit, java, remote, web
advisories | CVE-2021-44228
SHA-256 | fb881ade3573c4c3970acc27f51ba1d3ac1aaff25446ea8e525ce3aca4d0ca4d
Java Debug Wire Protocol Remote Code Execution
Posted Jun 16, 2014
Authored by Michael Schierl, Christophe Alladoum, Julian Vilas | Site metasploit.com

This Metasploit module abuses exposed Java Debug Wire Protocol services in order to execute arbitrary Java code remotely. It just abuses the protocol features, since no authentication is required if the service is enabled.

tags | exploit, java, arbitrary, protocol
advisories | OSVDB-96066
SHA-256 | 1e8b55ac023effc278ba81e4b21d999d5de6a928c79485271727ac75c78a4964
Java Applet Rhino Script Engine Remote Code Execution
Posted Nov 30, 2011
Authored by sinn3r, Michael Schierl, juan vazquez, Edward D. Teach | Site metasploit.com

This Metasploit module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects version 7 and version 6 update 27 and earlier, and should work on any browser that supports Java (for example: IE, Firefox, Google Chrome, etc).

tags | exploit, java, arbitrary
advisories | CVE-2011-3544, OSVDB-76500
SHA-256 | d91e779ec520d6b5000796fbb5510410cdd34ecb929017aa6bdbbf0c838eed04
Java RMI Server Insecure Default Configuration Java Code Execution
Posted Jul 16, 2011
Authored by Michael Schierl | Site metasploit.com

This Metasploit module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. Note that it does not work against Java Management Extension (JMX) ports since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication.

tags | exploit, java, remote, web, registry
SHA-256 | 74cc3c759347106de31d2f7d447682b88481649a9cdcb47556ef3dc90a7223ae
J2EEPayload 0.1
Posted Dec 13, 2010
Authored by Michael Schierl | Site schierlm.users.sourceforge.net

This archive contains a collection of WAR and EAR compatible stagers that use a variety of communication methods to communicate back to the attacker - even if the only open port is the HTTP/JNDI port, or even if no incoming ports are open but the victim can call back (which can be tricky as usually WARs and EARs are initialized on demand).

tags | java, web
SHA-256 | e0adf72b3398c73749efe6bac7d251e6948e7d500a2ba499bf1a5c34ac8e26fc
MS-SQL CLR Stored Procedure Proof Of Concept
Posted Oct 11, 2010
Authored by Michael Schierl

Microsoft SQL Server supports so called CLR Stored Procedures which are written in a .NET language and are run directly inside MS SQL Server. If an hijacked account has appropriate permissions, it can be used to run a native payload (inject native code into a new thread) or to tunnel a TCP connection or a shell via the SQL port (needed if the database server is properly firewalled). They can also be combined to tunnel a reverse_tcp payload. Additional permissions, like xp_cmdshell, are not required. This file is a proof of concept that demonstrates this ability.

tags | exploit, shell, tcp, proof of concept
SHA-256 | b402c616b5be94e40d281a86dd3349dc0c78b5d4578e9d551c39743f9a054e27
JavaPayload - Platform Independent Java Stager Payloads
Posted Apr 19, 2010
Authored by Michael Schierl | Site schierlm.users.sourceforge.net

This archive contains a collection of pure Java payloads, from simple Shell and UpExec payloads (which need - to some degree - platform dependent parameters), to a JSh ("Java Shell") payload that supports an interactive shell to query system properties, run applications, open TCP connections, navigate the filesystem and read/write text files. Basic job control enables to run more than one command or TCP session via a single exploited session. These payloads are modular, consisting of three parts: loaders, stagers and stages. Loaders, stagers and stages can be combined arbitrarily, and the stages and stagers can also be used to integrate them into other exploit frameworks like Metasploit (if you are more Ruby-literate than me). There are also examples included how to call these payloads from standalone applications, signed Java applets, OpenOffice macros or via JDWP debug connections.

tags | java, shell, tcp, ruby
SHA-256 | 747a1606b26df9100754057d92a18c72898b1aac62e7ff7f66444ab2423ae003
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close