This module exploits an authentication bypass in Veeam.Backup.ServiceLib.CForeignInvokerNegotiateAuthenticator.Authenticate. Then a file upload present in ExecuteUploadManagerPerformUpload is used to copy the Web.config file to the Webapp root foler in order to extract the machineKey values to create a ysoserial.NET payload to execute commands. The deployed agent will run with the privileges of the "IIS Worker Process" process (NT AUTHORITY\\NETWORK SERVICE).
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the same privileges than the user account that ran Solr Server. This exploit will fail if the target system has jdk8u191 or newer.
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the root user account privileges on Linux systems and with SYSTEM privileges on Windows systems.
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the root user account privileges on Linux systems and with the same privileges than the user account that ran Apache James on Windows systems. This exploit will fail if the target system has jdk11.0.1 or newer.
This module exploits a heap overflow in ntfs.sys by calling to the "NtQueryEaFile" function with crafted parameters.
This module exploits a path traversal vulnerability present in the getPluginAssets function of Grafana which allows an attacker to download system files through specially crafted HTTP resource requests.
This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the root user account privileges on Linux systems and with SYSTEM privileges on Windows systems.
This module exploits a deserialization vulnerability present in the TypedBinaryFormatter class. The deployed agent will run with the SYSTEM privileges.
This module exploits a OGNL injection vulnerability present in the WebWork component of Atlassian Confluence. The deployed agent will run with tomcat privileges.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.