Posts

My First Exploit-DB Submission (HPE Intelligent Management Center dbman Command 10001 Information Disclosure)

Software Link: https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=16759&ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535&SaidNumber=
Tested on Version: iMC_PLAT_7.1_E0302_Standard_Windows and iMC_PLAT_7.2_E0403_Std_Win
Tested on: Windows 7
CVE: CVE-2019-5392

Conversion of Nessus Plugin to Python Exploit

Nessus Plugin Name: hp_imc_dbman_cmd_10001_info_disclosure.nasl
Description: This vulnerability allows a remote attacker to view the contents of arbitrary directories under the security context of the SYSTEM or root user.
See Also: https://www.tenable.com/plugins/nessus/118038
Exploit-DB: https://www.exploit-db.com/exploits/47408

In this exploit, I converted the Nessus plugin to Python, using Exploit https://www.exploit-db.com/exploits/43198.

[Figure: POC of iMC_PLAT_7.1_E0302_Standard_Windows]
[Figure: POC of iMC_PLAT_7.2_E0403_Std_Win]

Samurai Weapon For Pentester - NMAP (Services please don't hide)

I always wondered how hackers know what ports are open on a system, or how they find out what services are running on a system, without asking the admin. Then, after some Google searching, I found one samurai tool called NMAP.

What is NMAP? NMAP (Network Mapper), as the name suggests, is a tool used to scan networks for open, closed and filtered ports, for services running on a system, for OS detection (or guessing!), and for finding some vulnerabilities. It is written by Gordon Lyon. In my experience, it is the best handy tool, and easy to use for network scanning. In this tutorial, I'll cover some of the Kung-Fu basics of NMAP with examples.

One of the most interesting facts is that an NMAP scan follows the pattern Type, Option, Target. Let's say you want to scan a host to see which versions of services are running. To do this, run the following command:

nmap -sV target

Here the Type/Option part is -sV, where s stands for scan and V stands for version.

How NMAP works by default: When you run the default command