Search the Community

Showing results for tags 'remote'.



Found 152 results

  1. Spy MAX

     Remote control system in Android systems with simple graphical interfaces and easy to use

     Requirements: Java, NET framework 4.5

     The program is compatible with the following Microsoft Windows application: windows 10, windows 8, windows 7, windows

     Patch is compatible with modern Android systems:
       • 9.0 - eBay
       • 8.0 - Orio / oreo
       • 7.0 - Noga / nougat
       • 6.0 - Marshmallow

     One of the most important features:
       • Multi-port
       • Size 18.5 KB / Clean
       • Encode with insertion point
       • Run more than one patch on one phone
       • Secure data sent and received over the network
       • Ability to control the program settings to suit your needs and your own taste
       • And other features ..

     Explanation

     Client menu:
       [1] Files Manager: files
       [2] SMS Manager: Messages
       [3] Calls Manager: Calling
       [4] Contacts Manager: Contact
       [5] Location Manager: Location
           [6] GPS: Global Positioning System (GPS)
           [7] GSM: Global System for Mobile communications (GSM)
       [8] Account Manager: Calculations
       [9] Camera Manager: What is your favorite camera?
           [10] Front: Front camera
           [11] Back: Rear camera
       [12] Shell Terminal: Execution of linux commands
       [13] informations: Information
       [14] Applications: Installed applications
       [15] Microphone: The microphone
       [16] Server: server
           [17] EditSocket: Editing or modifying the communication
           [18] Restart: Restart the connection
           [19] Rename: Renaming contact
           [20] Close: Close the connection after restarting the phone

     Main menu:
       [1] Build: Window Builder Patch
       [2] Settings: Settings
       [3] About: About the program
       [4] Exit: 4

     Connection:
       [1] connection: Communications
       [2] dynamic DNS/ip: Your address is on LAN or WAN external domain
       [3] port: Port number. Preferably choose a port between 1024 to 65535
       [4] Add: Add the title and entry in the list
       [5] DEL: Delete title and port from list
       [6] up: Upload contact information up to become a priority in communication
       [7] down: Contact information down
       [8] DNS/ip:port: List of contacts

     Installation:
       [1] installation: Composition
       [2] name of victim: Contact Name
       [3] name patch: The name of the patch is the name shown when installed on the phone
       [4] version: issue number
       [5] hide: How to hide the patch after playback
       [6] icon: Choosing the icon. You can add custom icons to the res \ Icons \ Apps folder and the sizes must be 144 in 144 or 192 in 192 pixels
       [7] doze: In case of non-activation will be restricted to doze system and applications and other artificial intelligence systems and control on activation. You can add custom icons to the folder res \ Icons \ Notification. The sizes must be 24 in 24 or 32 in 32 pixels
       [8] sleep: You have to set the time in milliseconds. Click on the box to see the timing, it will work under any circumstance doze or other. If you do not need a timer, you can set the value to 0.
       [9] futex: Generating keys to secure communication and data synchronization. Pass the key on the box and the keys will be generated automatically
       [10] flavor: to create different versions after the dot. You must put your own suffix in English only without letters, numbers or symbols

     Java path:
       [1] browse: You must install java and then select the bin folder from the operating environment of jre java applications
           Code: \Java\jre x.x.x\bin
       [2] OK: Select the patch that is included with the program to configure your settings

     Socket settings:
       [1] socket: The Socket
       [2] performance: Program performance with communications, processor and data traffic
           [3] high: If you have a high-quality device and have lots of connections, you can make the most of the program
           [4] normal: Using normal mode will work on low and high mode (recommended)
           [5] low: If you have a low-specification device and have little communication you can use low mode
       [6] Encoding: Character encoding
           [7] Default: The default codec on your device
           [8] UTF8: UTF8
           [9] UTF32: UTF32
           [10] ASCII: ASCII
       [11] Disconnected: Disconnect
           [12] Close windows: Close all active client windows if connection is interrupted
           [13] Just tell me: You will be notified only when you disconnect and will not close any window

     Alert settings:
       [1] Alert: Alert
       [2] Show Alert: View alert or notification of new customer login or connection
           [3] Yes: Yes if you need to show the alarm
           [4] No: No need to show the alarm
       [5] Location: Alert site on desktop screen
           [6] Left: Left desktop screen
           [7] Right: Right desktop screen

     Camera settings:
       [1] Camera Manager: Camera settings
       [2] Auto focus: Auto focus
           [3] Yes: Autofocus activation (not recommended)
           [4] No: Auto focus is inactive
       [5] Effects: Effects
           [6] Normal: without any default effect
           [7] Gray: Gradient effect
           [8] Raw-01: Raw Impact 01 model click here
           [9] Raw-02: The raw effect 02 is similar to the impact of crude 01 and the difference coloration of the model model click here
       [10] Quality: Broadcast quality
           [11] Auto: Automatic depending on the speed of communication between the parties
           [12] high quality: Top quality (not recommended)

     Location settings:
       [1] Location Manager: Site settings
       [2] Style: Map format
           [3] Silver: Silver model click here
           [4] Aubergine: Eggplant Form Click Here
           [5] Dark: Dark model click here
           [6] Standard: Basic Form Click Here

     Saving data, colors and font:
       [1] Saving data: Save data
       [2] Auto save: Autosave
           [3] No: No data saving will appear on the records. You can save them again
           [4] Yes: Yes to save data automatically. Records and data will be saved in the client folder. Use (Firefox - Google Chrome) to open the records
       [5] Colors: Color in the sample program click here
           [6] Foreground: Color Foreground - one color includes text, buttons, icons, etc.
           [7] Background: Background color - one color will be used in the program background
           [8] Titles: Color Titles
           [9] New Files: Color of new files shared or modified by user or software
       [10] Font: Program line
           [11] Size: font size
           [12] Style: Style font - bold or regular

     Show client folder
     Two clicks on the contacts
     To show contact information, click on the first column
     Total frames per second = FPS (Frames Per Second)
     Size = one frame size
     170.25kb = 15fps * 11.35KB total size per second
     The accuracy of the site was less than all the best. The correct location is almost 0 to 75.0 = Accuracy
     Speedometer in kilometers per hour
     The speed of the vehicle or any other vehicle is measured = km / h
     Go to Google Maps two clicks on the map
     Zoom the map with the mouse wheel or the keyboard up or down

     To the end of the explanation here was to cover the most important details in the program. If you encounter problems with the program, write down the details of the bugs, and they will be fixed in the next version.
  2. This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHP code for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.
  3. This Metasploit module exploits a command execution vulnerability in PHP-Fusion versions 9.03.00 and below. It is possible to execute commands in the system with ordinary user authority.
  4. Firefly CMS version 1.0 suffers from a remote command execution vulnerability.
  5. An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host.
  6. ReadyAPI versions 2.5.0 and 2.6.0 suffer from a remote code execution vulnerability.
  7. LG SuperSign EZ CMS, that many LG SuperSign TVs have built-in, is prone to a remote code execution vulnerability due to an improper parameter handling.
  8. Xitami Web Server version 2.5 remote SEH buffer overflow exploit with egghunter.
  9. WordPress Social Warfare plugin versions prior to 3.5.3 suffer from a remote code execution vulnerability.
  10. Barco/AWIND OEM presentation platform suffers from an unauthenticated command injection vulnerability. Products affected include Crestron AM-100 1.6.0.2, Crestron AM-101 2.7.0.1, Barco wePresent WiPG-1000P 2.3.0.10, Barco wePresent WiPG-1600W before 2.4.1.19, Extron ShareLink 200/250 2.0.3.4, Teq AV IT WIPS710 1.1.0.7, InFocus LiteShow3 1.0.16, InFocus LiteShow4 2.0.0.7, Optoma WPS-Pro 1.0.0.5, Blackbox HD WPS 1.0.0.5, and SHARP PN-L703WA 1.4.2.3.
  11. SolarWinds DameWare Mini Remote Control version 10.0 suffers from a denial of service vulnerability.
  12. Microsoft Windows PowerShell ISE will execute wrongly supplied code when debugging specially crafted PowerShell scripts that contain array brackets as part of the filename. This can result in ISE executing attacker supplied scripts pointed to by the filename and not the "trusted" PS file currently loaded and being viewed by a user in the host application. This undermines the integrity of PowerShell ISE allowing potential unexpected remote code execution.
  13. This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secret_key_base, and can be easily extracted by visiting an invalid resource for a path. As a result, this allows a remote user to create and deliver a signed serialized payload, load it by the application, and gain remote code execution.
  14. MailCarrier version 2.51 HELP remote buffer overflow exploit.
  15. Domoticz versions 4.10577 and below suffer from an unauthenticated remote command execution vulnerability.
  16. This Metasploit module exploits a PHP unserialize() in Pimcore before 5.7.1 to execute arbitrary code. An authenticated user with "classes" permission could exploit the vulnerability. The vulnerability exists in the "ClassController.php" class, where the "bulk-commit" method makes it possible to exploit the unserialize function when passing untrusted values in "data" parameter. Tested on Pimcore 5.4.0-5.4.4, 5.5.1-5.5.4, 5.6.0-5.6.6 with the Symfony unserialize payload. Tested on Pimcore 4.0.0-4.6.5 with the Zend unserialize payload.
  17. An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.
  18. Insanity-Framework

      THIS PROJECT IS CLOSED NOW - FEEL FREE TO CONTINUE IT

      Copyright 2017 Insanity Framework (IF) 2.0 END
      Written by: Alisson Moretto - 4w4k3
      Special Thanks to Thomas Perkins - Ekultek

      Insanity Payload consists of encrypting your code and decrypting it in memory, thus avoiding a possible av signature, also has the ability to wait long enough to bypass a running sandbox.

      **NOTE: Insanity payloads may experience a 1 minute delay while connecting, this is necessary in order to bypass most avs and sandboxes.**

      Twitter: @4w4k3Official

      DISCLAIMER: "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." Taken from LICENSE.

      INSTALLATION OF DEPENDENT LIBRARIES

          cd Insanity-Framework
          chmod +x install.sh
          ./install.sh

      That's it

      Features
        • Bypass most AV and Sandboxes.
        • Remote Control.
        • Payload Generation.
        • Some Phishing methods are included on payloads generated.
        • Detect Virtual Machines.
        • Multiple Session disabled.
        • Persistence and others features can be enabled.
        • Bypass UAC.
        • Memory Injection.

      Needed dependencies
        • apt
        • wine
        • wget
        • Linux
        • sudo access
        • python2.7
        • python 2.7 on Wine Machine
        • pywin32 on Wine Machine
        • VCForPython27 on Wine Machine

      Tested on:
        • Kali Linux - SANA
        • Kali Linux - ROLLING
        • Ubuntu 14.04-16.04 LTS
        • Debian 8.5
        • Linux Mint 18.1
        • Black Arch Linux

      Cloning:

          git clone [Hidden Content]

      Running:

          sudo python insanity.py

      If you have another version of Python:

          sudo python2.7 insanity.py

      Contribute: Send me more features if you want it 😄 I need your help for Insanity to become better!

      Things needed to be improved and future updates:
        • File Transfer (FTP)
        • Webcam Snaps and Streaming
        • Keylogging
        • Print Screens
  19. In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.
  20. TheDoctor says:

      This is an Android application, which runs a background service on boot to receive commands. Sounds simple, is simple.

      Features
        • Background service, which is able to receive commands
        • Service is running on boot
        • C&C via E-Mail (And here we got the first point, which should get discussed… See below)
        • Communication is encrypted with XOR (Yeeha, directly got the second discussion point)
        • A solid error-handling, that our Client doesn’t crash due to connection errors or invalid input
        • Remote Administration via Windows application (Should run under Linux with Mono too… Maybe someone here want to test it?)

      Commands

      At the moment I only included two POC commands to show how commands in general can be added. Of course these ones are pretty boring, but you can easily extend the RAT with your own ones! And I’ll add more useful commands in the next days/weeks.
        • Show a Toast
        • Open a webpage

      Why do you use E-Mail for C&C?

      Mmh… I didn’t want to use Reverse TCP and have recently read about E-Mail C&C, which I wanted to try out. At the moment I’ve got no problems with this decision, but you should add FTP support, when you want to send files or big data back to your Server.

      XOR-encryption? Are you fuckin’ serious, man?

      Of course that’s not meant for real protection. I just wanted to have something to hide my communication from “normal” people. I’ll add AES + Some sort of origin-validation, which takes us to the next point:

      WARNING

      At the moment anyone can hijack the connection and send commands to our Client, who knows the Server’s Mail address (Password’s not needed; keyword is spoofing), the Client’s Mail address and the XOR key! I don’t think you want anyone to send weird messages to your Girlfriend, after you infected her with the RAT, so I’ll fix this soon.

      Setup

      Here comes the newbie friendly guide on how to build an APK out of the source code, setup the required Mail addresses and use the Control Server for sending commands!

      I use Win10 64-Bit with Visual Studio 2015. Other OSs and IDEs could work, but are not supported! Ok, now after I’ve created a bad mood for the Linux and Mac users here, we can go further on. (Little side note: I would have used Linux, but sadly Xamarin is only available for Windows and MacOS… And programming in Java is out of discussion)

      Client

      First you have to install Visual Studio with Xamarin. Don’t know how? See here. Now download the project from my Github page. Run Visual Studio and open the project:

      Select now the Project file:

      Now you only have to open the Globals file from the project Argus - RAT. Not Argus - RAT ~ Server! You should see the Globals.cs file now in the middle of your screen. Here’s the only place you have to edit. If you don’t know what you’re doing, don’t touch other files! It’s not needed.

      Ok, as you see you’ll need two Mail addresses, which you have to create on your own. As an example I use [Hidden Content], because they don’t check anything, so you can easily create the addresses anonymously, but I don’t know whether you understand the page, without a knowledge of german. Of course you can use Gmail too, but they always ask me for validation via phone call… Anyway, the important part is that you may have to allow POP & IMAP access to your account in the Mail settings of your provider! [Hidden Content] needs it and I think others need it too! Just google around, if you don’t know. If you use another provider and not [Hidden Content], you’ll have to change the Mail Server settings in Globals.cs too! And another time, just google around for POP & SMTP address + ports and I’m sure you’ll find it.

      Ok, after you’re done fill in your details in Globals.cs:

          //-\\-//-\\-//-\\-//-\\-//- MAIL STUFF -\\-//-\\-//-\\-//-\\-//-\\

          // MAIL SERVER
          // Only needs to be changed, when you use another provider
          public String MailServerPopAddress = "pop3.web.de";
          public String MailServerSmtpAddress = "smtp.web.de";
          public int MailServerSmtpPort = 587;
          public int MailServerPort = 995;

          // CLIENT
          public String ClientMailAddress = "Client@web.de"; // The address of the client
          public String ClientMailPass = "p455w0rd"; // The password of your Client's mail address

          // SERVER
          public String ServerMailAddress = "Server@web.de"; // The address of your Server

          // ENCRYPTION
          // The key you use for encryption. Please use something hard, because you won't
          // have to fill it in any forms multiple times. You'll just have to fill it in,
          // when you add the Client to your Server (See later) and then you can just forget it!
          public String XorKey = "testKeyOfDoom";

      After you changed the relevant values check them twice! You won’t get a second chance. When the .APK is sent to your victim and it doesn’t work, it’ll get interesting to tell him/her that he/she has to install your “new” version of the program, just because you filled in the wrong credentials…

      Sure that you’re ready? Then we come to the building process… First, change the mode to “Release”:

      Then select Tools -> Android -> Publish Android App. Now you should get a screen like this one, if you do it the first time:

      Just fill in whatever you like to create new keys for signing and continue. On the next screen choose the path to save it to and the name. Ready? Click Publish! Now it takes some time… When it’s finished, you got a fully working Android Remote Administration Tool! Just send the .APK to your victim and when he/she installs and opens it you’re in!

      Server

      The setup of our Server is much easier. Either open the Argus - RAT ~ Server project in Visual Studio and run it by pressing F5 or search the Argus - RAT ~ Server directory manually and run the executable in the Release directory. That’s up to you. Anyway, you’ll get this:

      Yes, not that great stuff… As I said above, I’ve only added two POC commands, but I’ll explain later how you can add your very own functions! For now just click Add Client.

      Explanation
        • Name: The name you want to call your Client. It’s just a description and does not depend on anything, so you can choose whatever you want.
        • Client’s Mail address: The address you chose for your Client.
        • Server’s Mail address: The address you’ll use for the Server.
        • Server’s Mail password: Don’t know what should be here? Please just go to [Hidden Content] or any other kids place…
        • Encryption Key: The key you used in the Globals.cs file! Upper and lower case is respected!

      And that was it. Now you can select the Client via ComboBox and send him commands:

      Developer?

      You are a developer and want to extend the RAT’s features? Then you’re exactly the kind of person I appreciate here. Ok, to make it easier for you I’ll explain every step you have to make, when you want to add your function! I hope you’ve already opened the project in Visual Studio. If not, do so. The important files are:
        • Argus - RAT
            • MainService.cs
            • Commands.cs
        • Argus - RAT ~ Server
            • Commands.cs

      And you should add your own entry in the Form. That’s up to you, how you want to do it, so I don’t explain this step. Every file is open? Great, let’s go on.

      Think about it… What do you want as a new function? What arguments are needed? Which name do you want to give the command? These questions have to be answered before you continue. As an example I’ll use the Toast command I already added.

      Name: Toast
      Argument(s): Text

      Server (Commands.cs)

      In the Commands.cs file you only have to add a function like this one:

          /// <summary>
          /// Sends a Toast to Client
          /// </summary>
          /// <param name="text">The Toast to show</param>
          public bool SendToast(String text)
          {
              String body = "Toast:" + text;
              return SendMail(body);
          }

      Please put it below the /* Commands*/ comment, so that everything’s in the right order.

      Explanation

      The only thing I have to explain is the String body = "Toast:" + text;. The "Toast:" is used to identify the command when it arrives at your client. Just change Toast with the name you’ve chosen for your function and the arguments behind with the ones you need. If you got any questions feel free to ask me.

      Client

      In the MainService.cs you just have to add an else if to the handleCommand() function. Example:

          else if (cmd == "toast")
              Commands.ShowToast(value);

      Make sure to use lowercase even when you used uppercase at Server-side. The command will be made lowercase, when it arrives at the client! value is everything behind the colon.

      And now the setup is finished and you can start writing your own function! Open Commands.cs and add your Code. For example:

          /// <summary>
          /// Shows the given text as toast
          /// </summary>
          /// <param name="text">Text to toast out</param>
          public static void ShowToast(String text)
          {
              Application.SynchronizationContext.Post(_ =>
              {
                  Toast.MakeText(Android.App.Application.Context, text, ToastLength.Long).Show();
              }, null);
          }

      Now you’ve made your own function within about 5 minutes!

      Conclusion

      Wow, it got longer than I thought. I hope you’re enjoying this and are interested in extending the features. I’ll add different improvements in the next days, so make sure to check it out. For everyone who wants to test out his own features or just want to try the RAT without using any smartphone, I can recommend Bluestacks 11! It is annoying as CAPTCHAs, but very helpful, if you just want to easily test your apps in a nearly real environment.

      |-TheDoctor-|
  21. This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the postgresql structure. The module is written over the payload by selecting a file with the extension ".vbs" that is used for monitoring by the ManageEngine which working with "system" authority. In addition, it dumps the users and passwords from the database for us. After the harmful ".vbs" file is written, the shell session may be a bit late.
  22. RemoteMouse version 3.008 suffers from an arbitrary remote command execution vulnerability.
  23. This Metasploit module exploits a command execution vulnerability in CuteNews prior to version 2.1.2. The attacker can infiltrate the server through the avatar upload process in the profile area. There is no realistic control of the $imgsize function in "/core/modules/dashboard.php" Header content of the file can be changed and the control can be bypassed. We can use the "GIF" header for this process. An ordinary user is enough to exploit the vulnerability. No need for admin user. The module creates a file for you and allows RCE.
  24. A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
  25. This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.