This Metasploit module scans for PocketPAD login portal, and performs a login bruteforce attack to identify valid credentials.
6d0f4bff5b8014dcb33ba5fb9fc7c79847f53b034420ec4dd15d8637bbcb8584This Metasploit module attempts to scan for InfoVista VistaPortal Web Application, finds its version and performs login brute force to identify valid credentials.
988a25a91ec5ad89fac76dcea1a6f311b0572b6b6646957ee931ee76d8973e13This Metasploit module scans for Oracle Integrated Lights Out Manager (ILO) login portal, and performs a login brute force attack to identify valid credentials.
005ee9252b6b898747ac11640f9281ae714b72b248964250e52cc46aa69e2a75This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (<v2.5) device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to execute arbitrary system commands.
b93785a449ad38017240b00d0972f852a7711ec6c79aed758af2044256455c1fThis Metasploit module scans for EtherPAD Duo login portal, and performs a login bruteforce attack to identify valid credentials.
5b08b79d78435d7b19085b9bfec6075eb5093f11b68f923725b1ed014d85321eThis Metasploit module exploits an access control vulnerability in Cambium ePMP device management portal. It requires any one of the following non-admin login credentials - installer/installer, home/home - to reset password of other existing user(s) including admin. All versions less than or equal to3.5 are affected. This Metasploit module works on versions 3.0-3.5-RC7.
956f2fe0af3391b41c4ba29545c942e1168defdca0fa714c74890ac611b33384This Metasploit module simply attempts to login to a RFCode Reader web interface. Please note that by default there is no authentication. In such a case, password brute force will not be performed. If there is authentication configured, the module will attempt to find valid login credentials and capture device information.
2bebb43ed7e3c7afb31c6a515dcd02ee4a3a173a63ba555a06a6d7d1740c7a9eThis Metasploit module exploits an authentication bypass vulnerability in Meteocontrol WEBLog appliances (software version < May 2016 release) to extract Administrator password for the device management portal.
d93c088abc0e3aba59a5a03a43b8b57830fee0e8f25c25fecb18e0546ee066f7This Metasploit module scans for ServerTechs Sentry Switched CDU (Cabinet Power Distribution Unit) web login portals, and performs login brute force to identify valid credentials.
ea9a49f43b18efdec70397195d549a5898b68c47aa21c2551cd1058b7efb808cThis Metasploit module scans for Binom3 Multifunctional Revenue Energy Meter and Power Quality Analyzer management login portal(s), and attempts to identify valid credentials. There are four (4) default accounts - root/root, admin/1, alg/1, user/1. In addition to device config, root user can also access password file. Other users - admin, alg, user - can only access configuration file. The module attempts to download configuration and password files depending on the login user credentials found.
bcab8ec22cea914c0a70c4455d9181411a735536e8211c52497c14b6f63cdc3dThis Metasploit module scans for OpenMind Message-OS provisioning web login portal, and performs a login brute force attack to identify valid credentials.
28480da105e7aa249ae3a2817a7fb69f5cd9b5986973631805327c9c32624fc3This Metasploit module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncOS versions, and performs login brute force to identify valid credentials.
19d08d4f5b105944f70b819c179403363836a5d079c1223718e0f4bb91836bf6This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (v3.1-3.5-RC7) device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to execute arbitrary system commands.
92a4864129aa26347a88ded4b4b8081bee53367dd7caa7d96beb8dcd80e518edThis Metasploit module scans for SevOne Network Performance Management System Application, finds its version, and performs login brute force to identify valid credentials.
5a7279046e193862f8e56a0f233f88011983f4d1be98b5e56194d2a05ba841bdThis Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (<v2.5) device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to dump system hashes.
a9c4f891ba35670965cbd8f6e5b470df2c52034fe81dac01b6ae9de45c939769This Metasploit module scans for Radware AppDirectors web login portal, and performs login brute force to identify valid credentials.
06be4d3b7aacdc65c359d439b5b7fed02d8b06ee7fa5627c57d94a1ea6709f9fThis Metasploit module scans for Cambium cnPilot r200/r201 management login portal(s), attempts to identify valid credentials, and dump device configuration. The device has at least two (2) users - admin and user. Due to an access control vulnerability, it is possible for user account to access full device config. All information, including passwords, and keys, is stored insecurely, in clear-text form, thus allowing unauthorized admin access to any user.
d31132b302a58be7536cbcd0797d373163a704589e02303f4892827ccbf43ce2This Metasploit module scans for Carlo Gavazzi Energy Meters login portals, performs a login brute force attack, enumerates device firmware version, and attempt to extract the SMTP configuration. A valid, admin privileged user is required to extract the SMTP password. In some older firmware versions, the SMTP config can be retrieved without any authentication. The module also exploits an access control vulnerability which allows an unauthenticated user to remotely dump the database file EWplant.db. This db file contains information such as power/energy utilization data, tariffs, and revenue statistics. Vulnerable firmware versions include - VMU-C EM prior to firmware Version A11_U05 and VMU-C PV prior to firmware Version A17.
3a2fe6ae241d7bc770da540bcb83abdb83c648d4574baa5d27bd2bc789842598This Metasploit module scans for Cambium ePMP 1000 management login portal(s), and attempts to identify valid credentials. Default login credentials are - admin/admin, installer/installer, home/home and readonly/readonly.
bda3bfb0162577241e9df8396f867a3570d76ffac171cda6fc1d9d680111df49This Metasploit module exploits an OS Command Injection vulnerability in Satel Iberia SenNet Data Loggers and Electricity Meters to perform arbitrary command execution as root.
5df4a9c4167f240a3d070d03d8d0e146532998c8387bae034befc386cfb709d1Cambium cnPilot r200/r201 device software versions 4.2.3-R4 to 4.3.3-R4, contain an undocumented, backdoor root shell. This shell is accessible via a specific url, to any authenticated user. The module uses this shell to execute arbitrary system commands as root.
cce7da9c26f8e8caf232905b3e36a9ab132e3adc8e18feeb48e4f97de90a8cefThis Metasploit module exploits a File Path Traversal vulnerability in Cambium cnPilot r200/r201 to read arbitrary files off the file system. Affected versions - 4.3.3-R4 and prior.
25789dadd8ff6d96aa27621f32e6f7a3a787924a0b8e5b0e36fc86a7a94f1f27Apache ZooKeeper server service runs on TCP 2181 and by default, it is accessible without any authentication. This Metasploit module targets Apache ZooKeeper service instances to extract information about the system environment, and service statistics.
f9b240045784798cc72ff0698945798f2aa501f213900a5c9466f36f732cc260This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell.
80ffaf7cb462642699e6294696050604e8ce8895cc84c13a29c4668c10b20da4This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions 3.1-3.5-RC7.
19c3372a730e1d8d0af6219db6b006294c0a1e69708189476bc93f45950021eb
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed