Pharos PopUp Printer Client memcpy Code Execution Vulnerability(CVE-2017-2787)

Summary A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening...

PHP Video Battle Script 1.0 - SQL Injection

Exploit Title: PHP Video Battle Script 1.0 - SQL Injection Dork: N/A Date: 28.08.2017 Vendor Homepage: http://www.rocky.nu/ Software Link: http://www.rocky.nu/product/php-video-battle/ Demo: http://videobattle.rocky.nu/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...

Python Pentesting Framework: PytheM

pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more informatio...

Pythem - Penetration Testing Framework

pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more informatio...

Twiga - A Tool That Enumerates Android Devices For Information Useful In Understanding Its Internals And For Exploit Development

A tool that enumerates Android devices for information useful in understanding its internals and for exploit development. It supports android 4.2 to android 7.1.1 Requirements The most current ADB must be in your path and fully functional The report name must not have any whitespace Limitations...

Easy File Sharing Web Server 7.2 - GET HTTP Request (PassWD) Buffer Overflow (SEH) Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 - GET HTTP Request PassWD Buffer Overflow SEH Date: 19 June 2017 Exploit Author: clubjk Author Contact: email protected Vendor Homepage: http://www.sharing-file.com Software...

JAD java Decompiler 1.5.8e - Local Buffer Overflow Exploit

Exploit for linux platform in category local exploits !/usr/bin/python Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: JAD Java Decompiler 1.5.8e-1kali1 and prior is pro...

Pwntools - CTF Framework And Exploit Development Library

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. from pwn import contextarch = 'i386', os = 'linux' r = remote'exploitme.example.com', 31337 EXPLOIT COD...

GDB Exploit Development & Reverse Engineering: pwndbg

GDB Exploit Development & Reverse Engineering pwndbg /poʊndbæg/ is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers. Vanilla GDB is terrible to use for reverse...

Memory Corruption Mitigations Driving Up Exploit Development Costs

SINT MAARTEN—Memory corruption mitigations that have been integrated into major desktop and mobile operating systems are driving up the cost of client-side exploit development and making viable vulnerabilities scarcer than they were a decade ago. Mark Dowd, whose career has been intimately linked...

CTF Framework and Exploit Development Library: pwntools

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. Whether you’re using it to write exploits, or as part of another software project will dictate how you...

Cody Pierce on the Future of Exploit Development

Mike Mimoso talks to Cody Pierce, director of vulnerability research and prevention with Endgame, at RSA Conference 2017 about how attackers are changing their techniques in the face of mitigations and continuing to base exploits around legitimate APIs and functions to thwart detection. Download:...

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers: GEF

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provides additional features to GDB usi...

From MS16-098 see a Windows 8.1 kernel exploit-vulnerability warning-the black bar safety net

When I first started contact core vulnerability when I don't have any about the kernel of the experience, not to mention to take advantage of a kernel vulnerability, but I'm always for reverse engineering and exploit techniques are very interested. Initially, my idea was simple: find one not...

Microsoft Edge - 'CText­Extractor::Get­Block­Text' Out-of-Bounds Read (MS16-104)

::first-letter border: 0; white-space: pre-line; Aalert;&x­D;&x­D;B Description Though I did not investigate thoroughly, I did find out the following: The root cause appears to be an integer underflow in a 32-bit variable used in CText­Extractor..Get­Block­Text as an index to read a WCHAR in a...

PCMan FTP Server 2.0.7 - 'PORT' Remote Buffer Overflow

!/usr/bin/env python -- coding: utf-8 -- Exploit Title: PCMan FTP Server 2.0 PORT Command BoF Exploit Author: Pablo González Date: 4/11/2016 Software: PCMan 2.0 Tested on: Windows XP Profesional SP3 Spanish x86 import socket print "Creating malicious input!" junk = '\x41'2007 ret="\xf7\x56\x3c\x7...

KarjaSoft Sami FTP Server 2.0.2 - USERPASS Remote Buffer Overflow (SEH)

KarjaSoft Sami FTP Server 2.0.2 - USERPASS Remote Buffer Overflow SEH /usr/bin/python -- Coding: utf-8 -- Sami FTP Server 2.0.2- SEH Overwrite, Buffer Overflow by n30m1nd Date: 2016-01-11 Exploit Author: n30m1nd Vendor Homepage: http://www.karjasoft.com/ Software Link:...

KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH) Exploit

Exploit for windows platform in category remote exploits /usr/bin/python -- Coding: utf-8 -- Sami FTP Server 2.0.2- SEH Overwrite, Buffer Overflow by n30m1nd Date: 2016-01-11 Exploit Author: n30m1nd Vendor Homepage: http://www.karjasoft.com/ Software Link:...

Micro Focus Rumba 9.4 - Local Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: Micro Focus Rumba 9.4 Multiple Local Stack-overflow Date: 29-10-2016 Exploit Author: Umit Aksu Vendor Homepage: http://www.microfocus.com/ Software Link:...

Micro Focus Rumba 9.4 - Local Denial of Service

Exploit Title: Micro Focus Rumba 9.4 Multiple Local Stack-overflow Date: 29-10-2016 Exploit Author: Umit Aksu Vendor Homepage: http://www.microfocus.com/ Software Link: http://nadownloads.microfocus.com/epd/productdownloadrequest.aspx?type=eval&transid=2179441&last4=2179441&code=40231 Version: 9....