26 matches found

GithubExploit
added 2026/04/29 3:38 p.m., 60 views

obliteratus-brain

OBLITERATUS BRAIN The Persistent Knowledge Layer for OBLITE...

AI score 5.4
Exploits 0
NVD
added 2026/03/28 12:16 p.m., 5 views

CVE-2018-25221

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

CVSS 9.8, EPSS 0.00156
Exploits 1, References 2
ATTACKERKB
added 2026/03/28 11:58 a.m., 2 views

CVE-2018-25224

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute she...

CVSS 8.6, AI score 6.6, EPSS 0.00038
Exploits 1, References 3, Affected Software 1
ATTACKERKB
added 2026/03/28 11:58 a.m., 1 view

CVE-2018-25221

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

CVSS 9.8, AI score 6.8, EPSS 0.00156
Exploits 1, References 2, Affected Software 1
CVE
added 2026/03/28 11:58 a.m., 9 views

CVE-2018-25221

Affected product: EChat Server 3.1. Vulnerability: Buffer overflow in the chat.ghp endpoint, exploitable by sending a GET request with an oversized username value, leading to remote code execution in the application context. The provided description states that shellcode and ROP gadgets can be us...

CVSS 9.8, AI score 6.8, EPSS 0.00156
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2026/03/26 1:24 p.m., 1 view

CVE-2018-25217 PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution

PDF Explorer 1.5.66.2 contains a structured exception handler SEH overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...

CVSS 8.6, AI score 6.4, EPSS 0.00022
Exploits 1, References 4
Kitploit
added 2023/07/01 12:30 p.m., 15 views

Bropper - An Automatic Blind ROP Exploitation Tool

An automatic Blind ROP exploitation python tool Abstract BROP Blind ROP was a technique found by Andrew Bittau from Stanford in 2014. Original paper Slides Most servers like nginx, Apache, MySQL, forks then communicates with the client. This means canary and addresses stay the same even if there ...

AI score 7.6
Exploits 0, References 3
Kitploit
added 2021/11/26 8:30 p.m., 27 views

ELFXtract - An Automated Analysis Tool Used For Enumerating ELF Binaries

ELFXtract is an automated analysis tool used for enumerating ELF binaries Powered by Radare2 and r2ghidra This is specially developed for PWN challenges and it has many automated features It almost displays every details of the ELF and also decompiles its ASM to C code using r2ghidra Decompiling...

AI score 7.7
Exploits 0, References 3
ThreatPost
added 2020/08/25 11:27 p.m., 49 views

Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform

Details tied to a pair of remote code execution bugs in Microsoft’s IoT security platform called Azure Sphere were released Monday. Also made public were specifics associated with two additional privilege escalation flaws impacting the same cloud security platform. Public disclosure of all four o...

CVSS 9.3, AI score 1.5, EPSS 0.00241
Exploits 0, References 11
Hacker One
added 2020/02/29 5:19 p.m., 24 views

Valve: OOB reads in network message handlers leads to RCE

Vulnerability In Source engine games there are many network messages sent from the server to the client that take an entity index. There is a common pattern among many of these messages for the lower bounds of the entity index to be checked but not the upper bounds. In many cases these out of bou...

AI score 7.9
Exploits 0
Kitploit
added 2018/09/08 1:20 p.m., 240 views

PEDA - Python Exploit Development Assistance For GDB

PEDA - Python Exploit Development Assistance for GDB Key Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development for a full list of commands use peda help: aslr --...

AI score 7.5
Exploits 0, References 1
exploitpack
added 2018/03/12 12:00 a.m., 33 views

MikroTik RouterOS 6.38.4 (x86) - Chimay Red Stack Clash Remote Code Execution

MikroTik RouterOS 6.38.4 x86 - Chimay Red Stack Clash Remote Code Execution !/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import...

Exploits 0
0day.today
added 2016/04/01 12:00 a.m., 74 views

PHP 5.5.33 / 7.0.4 - SNMP Format String

Exploit for multiple platform in category remote exploits // Should bypass ASLR/NX just fine // This exploit utilizes PHP's internal "%Z" zval // format specifier in order to achieve code-execution. // We fake an object-type zval in memory and then bounce // through it carefully. First though, we...

AI score 7.1
Exploits 0
Exploit DB
added 2016/04/01 12:00 a.m., 31 views

PHP 5.5.33/7.0.4 - SNMP Format String

// Should bypass ASLR/NX just fine // This exploit utilizes PHP's internal "%Z" zval // format specifier in order to achieve code-execution. // We fake an object-type zval in memory and then bounce // through it carefully. First though, we use the same // bug to leak a pointer to the string itsel...

AI score 7.4
Exploits 0
FireEye
added 2016/02/23 8:00 a.m., 302 views

Using EMET to Disable EMET

UPDATE July 7: This post has been updated in advance of a Black Hat 2016 presentation. Microsoft’s Enhanced Mitigation Experience Toolkit EMET is a project that adds security mitigations to user mode programs beyond those built in to the operating system. It runs inside “protected” programs as a...

CVSS 10, AI score 0.2, EPSS 0.86212
Exploits 17
exploitpack
added 2015/01/20 12:00 a.m., 15 views

Apple Mac OSX networkd - effective_audit_token XPC Type Confusion Sandbox Escape

Apple Mac OSX networkd - effectiveaudittoken XPC Type Confusion Sandbox Escape // Requires Lorgnette: https://github.com/rodionovd/liblorgnette // clang -o networkdexploit networkdexploit.c liblorgnette/lorgnette.c -framework CoreFoundation // ianbeer include include include include include inclu...

AI score 0.5
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 25 views

IBM Lotus Domino iCalendar MAILTO Buffer Overflow

No description provided by source. $Id: dominoicalendarorganizer.rb 12236 2011-04-04 17:43:34Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...

AI score 6.7
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 16 views

Castripper 2.50.70 - (.pls) stack buffer overflow DEP bypass exploit

No description provided by source. !/usr/bin/python Castripper 2.50.70 .pls stack buffer overflow w/ DEP bypass exploit Author: mrme - https://net-ninja.net - mrme AT corelan.be Download: http://www.mini-stream.net/castripper/ Tested on Wind0ws XP SP3 /noexecute=alwayson Greetz: Corelan Security...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 18 views

EMC Networker Format String

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

AI score 7.1
Exploits 0
exploitpack
added 2013/12/12 12:00 a.m., 18 views

Castripper 2.50.70 - .pls DEP Bypass

Castripper 2.50.70 - .pls DEP Bypass Castripper 2.50.70 .pls exploit Stack buffer overflow/DEP bypass Download: http://www.mini-stream.net/castripper/ Tested on Wind0ws XP SP3 DEP:OptOut Author: Lucfer ------ [email protected] All ROP gadgets are from the APP's DLLs except for the hardcoded...

AI score 0.1
Exploits 0