161 items tagged "admin"
-
-
7:39
»
Packet Storm Security Exploits
Sony PC Companion version 2.1 suffers from a boundary error in PluginManager.dll when handling the value assigned to the 'Path' item in the Admin_RemoveDirectory function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.
-
-
17:00
»
SecuriTeam
Zenphoto is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
-
-
3:11
»
Packet Storm Security Exploits
P1 Networks provided modems to users in Malaysia with httpd exposed to the Internet and admin/admin123 left in as a login. Whoops.
-
-
17:00
»
SecuriTeam
Kamads Classifieds is prone to multiple information-disclosure vulnerabilities.
-
-
5:00
»
Carnal0wnage
Several (tm) months back I did my talk on "From LOW to PWNED" at hashdays and BSides Atlanta.
The slides were published here and the video from hashdays is here, no video for BSides ATL.
I consistently violate presentation zen and I try to make my slides usable after the talk but I decided to do a few blog posts covering the topics I put in the talk anyway.
Post [1] Exposed Services and Admin Interfaces
Exposed Services: An example of exposed services and making sure you check for default and common passwords. So the first example is a VNC server with no password. This gives us a HIGH severity finding.

The following is a VNC server with a password of "password"

See the problem? Same thing goes for SSH, Telnet, FTP, etc. Don't forget about databases as well: MS SQL, MySQL, Oracle, Postgres listening out to the Internet at large.
Admin Interfaces: Admin interfaces can be gold. The problem is 1) you have to find them on the random ass port they are running on and 2) you have to get eyes on them. This can be a hassle/problem/hard to do.
So to bring the "low" to it: some random HTTP server gets you this in Nessus

Now, to be fair, this could be totally accurate, but the point is you need to look at what is being served on this HTTP server. Could be something, could be nothing; no way to know unless you look. Finding useful HTTP pages on all the random ports can be challenging.
Here is a possible methodology for doing it:
- Nmap your range
- Import your nmap results into metasploit
- Use the db_ searches to pull out a list of hosts & ports
- With the magic of scripting languages make that list into an html page(s)
- Use linky to open all those links
Kinda goes like this:
After you have imported your nmap results, use the services option.

If it's populated you'll get a list of results like the below

Output that stuff to a CSV
msf > services -o /tmp/demo.csv
Take that CSV and run some ruby on it

The above code will output an html file that you can open with linky.
linky will open each link in a new tab, allowing you a way to get eyes on each of those random HTTP(S) services.

You can now start intelligently trying default passwords or viewing exposed content.
Thoughts?
-CG
-
-
5:33
»
Packet Storm Security Exploits
ATMAIL WebMail Admin version 6.3.4 suffers from multiple cross site scripting / malicious script insertion vulnerabilities.
-
-
20:54
»
Packet Storm Security Exploits
This Metasploit module abuses a command execution vulnerability within the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists within the 'mappy' search command, which allows running Python code. To exploit this vulnerability a valid Splunk user with the admin role is required. Unfortunately, Splunk uses a default credential of 'admin:changeme' for admin access, which is used to leverage our attack. The Splunk Web interface runs as SYSTEM on Windows and as root on Linux by default.
-
-
7:25
»
Packet Storm Security Exploits
Homepages Admin suffers from a remote SQL injection vulnerability that allows for authentication bypass. An attacker can then upload a php shell.
-
-
9:56
»
Carnal0wnage
I covered some of the halflm challenge sniffing stuff in a previous post, but I had to revisit it the other day for work and couldn't find the actual tables and program from the post.
So here are some updated links.
Where to grab the tables:
http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables/halflmchall/
Where to grab the program:
http://sourceforge.net/projects/rcracki/
Some gotchas I ran into on the last PT: for some reason I was getting odd hashes in the SMB and NTLM sniffing modules.
In some cases the hashes were not the same for the same username and hostname; these were unusable. I also had some that had a bunch of zeros in them; those were also not crackable.
Windows 2000 2195:Windows 2000 5.0:1122334455667788:4c4d5353500003000000010001004600000000000000470000000000000040000000000000004000000006000600400000001000100047000000158a88e048004f0044000081196a7af2e4491c28af3025741067535700:00000000000000000000000000000000
But I did get smb_login scanned, that was fun:
-
-
22:00
»
Packet Storm Security Recent Files
Secunia Research has discovered some vulnerabilities in TomatoCMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the keyword and article-id parameters to index.php/admin/news/article/list, the keyword parameter to index.php/admin/multimedia/set/list, the keyword and fileId parameters to index.php/admin/multimedia/file/list, and the name, email, and address parameters to index.php/admin/ad/client/list is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in the user's browser in context of the affected site.
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Azimut Technologie Admin Login Bypass vulnerability
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Administrador de Contenidos Admin Login Bypass vulnerability
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
kora Reinstall Admin Information Vulnerability
-
-
15:34
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Surge-FTP Admin Web interface XSS Vulnerability
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Xataface Admin Auth Bypass Vulnerability
-
-
17:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
NinkoBB 1.3RC4 Change Admin and Add New Admin CSRF Vulnerability
-
-
14:10
»
remote-exploit & backtrack
A few years ago I did the A+ and recently I took the MCDST, as I managed to get it free as we set up a Microsoft testing centre. I am now working as a desktop support technician in a hospital and am learning a lot. I am however becoming frustrated as I really want to learn more about group policy and the server/administration side of things, which comes into play a lot.
A few years ago I got a complete set of books which is Windows 2000 MCSE. I was just going to dig them out; however, is it worth my while reading them or have things changed too much now since Server 2003?
I have no more training resources available so I guess I'm looking for pointers from someone with systems experience to learn about domains, workgroup environments and admin/group policy.