SIPP 3.3 - Stack-Based Buffer Overflow
SIPP 3.3 - Stack-Based Buffer Overflow Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow. The vulnerability is due to an improper filter of user supplied input while reading the...
SIPP 3.3 - Stack-Based Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow. The vulnerability is due to an improper filter of user supplied input while reading the configuration file and parsing the malicious...
SIPP 3.3 Stack-Based Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow. The vulnerability is due to an improper filter of user supplied input while reading the configuration file and parsing the malicious...
Countly Cross Site Scripting
Exploit Title: Countly-server StoredPersistent XSS Vulnerability Date: Monday - 2018 13 August Author: 10:10AM Team Discovered By: Sleepy Software Link: https://github.com/Countly/countly-server Version: All Version Category: Web-apps Security Risk: Critical Tested on: GNU/Linux Ubuntu 16.04 - wi...
Linux kernel IP fragment re-assembly vulnerable to denial of service
Overview The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets. Description CWE-400: Uncontrolled Resource Consumption 'Resource Exhaustion' - CVE-2018-5391 The Linux kernel, versions 3.9+, is vulnerable to a...
Node.js third-party modules: [samsung-remote] Command injection
I would like to report a command injection vulnerability in the samsung-remote npm module. It allows arbitrary shell command execution through a maliciously crafted argument. Module module name: samsung-remote version: 1.2.5 npm page: https://www.npmjs.com/package/samsung-remote Module Descriptio...
Network and System Reconnaissance Tool: Sandmap
Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques. Key Features simple CLI with the ability to run pure Nmap engine...
Node.js third-party modules: [egg-scripts] Command injection
I would like to report a command injection vulnerability in egg-scripts. It allows arbitrary shell command execution through a maliciously crafted command line argument. Module module name: egg-scripts version: 2.6.0 npm page: https://www.npmjs.com/package/egg-scripts Module Description "deploy...
Search and Dump System Configuration: otseca
The main assumption of creating this tool was easier and faster delivery of commands sets to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time...
rtorrent 0.9.6 - Denial of Service Exploit
Exploit for linux platform in category dos / poc Exploit Title: rtorrent 0.9.6 - Denial of Service Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET,...
rtorrent 0.9.6 Denial Of Service
Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connect'1.3.3.7', 6890...
rtorrent 0.9.6 - Denial of Service
rtorrent 0.9.6 - Denial of Service Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET,...
rtorrent 0.9.6 - Denial of Service
Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connect'1.3.3.7', 6890...
PhpSploit - Stealth Post-Exploitation Framework
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes. Overview The obfuscated...
Otseca - Security Auditing Tool To Search And Dump System Configuration
Otseca is an open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats. For more information, see wiki. How To Use It's simple: Clone this repository git clone https://github.com/trimstray/otseca Go into the repository...
Lama - Tool To Obtain A Custom Password Dictionary To A Particular Target
Lama, the application that does not mince words. Description Lama is a GNU Linux tool to generate a word list. The goal is to obtain a custom password dictionary to a particular target, whether physical or moral. It is therefore important that words in this list correspond to the target. Keep in...
Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)
Linux/x86 - Reverse 10.10.2.4:4444/TCP Shell Shellcode 68 bytes. Shellcode exploit for Linuxx86 platform / ; Title : Linux/x86 - Reverse TCP Shell Shellcode 68 bytes ; Date : May, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com ; Twitter : @nunof11 ; SLAE ID :...
DSA-4205-1 jessie end-of-life
This is an advance notice that regular security support for Debian GNU/Linux 8 code name "jessie" will be terminated on the 17th of June. As with previous releases additional LTS support will be provided for a reduced set of architectures and packages, a separate announcement will be available in...
Linux/x86 - Read /etc/passwd Shellcode (62 bytes)
Linux/x86 - Read /etc/passwd Shellcode 62 bytes. Shellcode exploit for Linuxx86 platform / ; Title : Linux/x86 - Read /etc/passwd Shellcode 62 bytes ; Date : May, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-polymorphing-shellcodes/ ; Twitter :...
Linux/x86 execve /bin/sh Encoded Shellcode (44 bytes)
/ ; Title : Execve /bin/sh Shellcode encoded with ROT-13 + RShift-2 + XOR ; Date : April, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-shellcode-encoder/ ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 44 bytes ; Tested on : i686 GNU/Linux...