Some days ago we tried to use the "exploit/multi/http/hp_sys_mgmt_exec" Metasploit module on one of our targets. The host was vulnerable but a Meterpreter session was not opened: [crayon-60fec0aa33794526890953/] After some…
McAfee Virus Scan Enterprise has a feature to protect settings modification from server admins by setting a password. This password is stored into registry, before version 8.8 the hash of…
Deployed Apps Listing From jmx console use the MainDeployer agent (picture #13) direct url: [crayon-60fec0aa34039289501709/] click on revoke on java.util.Collection listDeployed() item (picture #14). Deployment Scanner [crayon-60fec0aa3403d334984766/] Shutdown From jmx…
to see scheduled jobs select job from USER_JOBS; to see what a job do SELECT JOB, WHAT FROM USER_JOBS WHERE JOB = job_name; to log all sys and system commands;…
This article is nothing new, but it focalizes on giving all information needed to do a sql injection on a SQL SERVER (mssql). All queries will not modify or add…
Oracle 10g Application Server till 10.1.2 .1.0 remote exploiting of what described in: Testing_for_Oracle Bugtraq ID 16384 This example makes use of injection in ORASSO.HOME but these path also work:…
JBOSS is an application server/middleware that use Apache Tomcat as jsp engine; this paper explains how to deploy a custom application in order to operate (read, write, execute) with the…
