155 matches found
ProFTPd - 'mod_sftp' Integer Overflow Denial of Service (PoC)
ProFTPD mod_sftp Integer Overflow by Kingcope reference: http://www.castaglia.org/proftpd/modules/mod_sftp.html Exploit Title: ProFTPD mod_sftp Integer Overflow Date: 7 February 2011 Author: Kingcope Software Link: http://www.castaglia.org/proftpd/modules/mod_sftp.html Tested on: Centos 5.5 Program...
FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile Memory Leak
FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile Memory Leak /FreeBSD include include include include include include include include include int createconnectionchar target, char targetport; void getlineint s; void putlineint s, char out; void usagechar exe; char in8096; char out8096; char out28096; i...
Sun Microsystems SunScreen Firewall Root Exploit
/ Sun Microsystems SunScreen Firewall Root Exploit discovered & exploited by Kingcope January 2011 The SunScreen Firewall can be administrated remotely via a java protocol service which is running on port 3858 on a SunOS machine. This Java Service contains numerous buffer overruns 2 of which I am...
LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD
LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD bug discovered & exploited by Kingcope Dec 2010 Lame Xploit Tested with success on FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86...
Exim 4.63 Remote Root Exploit
Exim 4.63 RedHat/Centos/Debian Remote Root Exploit by Kingcope Modified perl version of metasploit module =for comment use this connect back shell as "trojanurl" and be sure to setup a netcat, ---snip--- $system = '/bin/sh'; $ARGC=@ARGV; if $ARGC!=2 print "Usage: $0 Host Port \n\n"; die "Ex: $0...
Exim 4.63 - Remote Command Execution
Exim 4.63 - Remote Command Execution Exim 4.63 RedHat/Centos/Debian Remote Root Exploit by Kingcope Modified perl version of metasploit module =for comment use this connect back shell as "trojanurl" and be sure to setup a netcat, ---snip--- $system = '/bin/sh'; $ARGC=@ARGV; if $ARGC!=2 print...
LiteSpeed Web Server 4.0.17 Remote Exploit
LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD bug discovered & exploited by Kingcope Dec 2010 Lame Xploit Tested with success on FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86...
Exim 4.63 Remote Root Exploit
Exploit for linux platform in category remote exploits Exim 4.63 RedHat/Centos/Debian Remote Root Exploit by Kingcope Modified perl version of metasploit module =for comment use this connect back shell as "trojanurl" and be sure to setup a netcat, ---snip--- $system = '/bin/sh'; $ARGC=@ARGV; ...
FreeBSD - 'mbufs()' sendfile Cache Poisoning Privilege Escalation
/ freebsd x86/x64 sendfile cache local root xpl v2 by Kingcope 2010 -- should h4x any freebsd 8. and 7. prior to 12Jul2010 tampers /bin/sh to contain a shellcode which does ' chmod a+s /tmp/sh chown root /tmp/sh execve /tmp/sh2 ' how to use: terminal 1: $ cp /bin/sh /tmp/sh $ cp /bin/sh /tmp/sh2 ...
FreeBSD - mbufs() sendfile Cache Poisoning Privilege Escalation
FreeBSD - mbufs sendfile Cache Poisoning Privilege Escalation / freebsd x86/x64 sendfile cache local root xpl v2 by Kingcope 2010 -- should h4x any freebsd 8. and 7. prior to 12Jul2010 tampers /bin/sh to contain a shellcode which does ' chmod a+s /tmp/sh chown root /tmp/sh execve /tmp/sh2 ' how t...
FreeBSD mbufs() sendfile Cache Poisoning Privilege Escalation
Exploit for freebsd platform in category local exploits ============================================================= FreeBSD mbufs sendfile Cache Poisoning Privilege Escalation ============================================================= / freebsd mbufs sendfile cache poisoning-priv escalation...
AIX5l FTP Server Remote Root Hash Disclosure
AIXCOREDUMP.PL --- --== AIX5l w/ FTP-SERVER REMOTE ROOT HASH DISCLOSURE EXPLOIT =-- CREATES COREDUMP INCLUDING THE ROOT USER HASH FROM /etc/security/passwd THE RESULT FILE IS SCRAMBLED - SEEK FOR DES LOOKING CRYPTO KEYS SUCCESSFULLY TESTED ON IBM AIX 5.1 DISCOVERED & EXPLOITED BY KINGCOPE JULY 20...
AIX5l with FTP-Server Remote Root Hash Disclosure Exploit
Exploit for linux platform in category remote exploits ========================================================= AIX5l with FTP-Server Remote Root Hash Disclosure Exploit ========================================================= AIXCOREDUMP.PL --- --== AIX5l w/ FTP-SERVER REMOTE ROOT HASH...
AIX5l with FTP-Server - Hash Disclosure
AIXCOREDUMP.PL --- --== AIX5l w/ FTP-SERVER REMOTE ROOT HASH DISCLOSURE EXPLOIT =-- CREATES COREDUMP INCLUDING THE ROOT USER HASH FROM /etc/security/passwd THE RESULT FILE IS SCRAMBLED - SEEK FOR DES LOOKING CRYPTO KEYS SUCCESSFULLY TESTED ON IBM AIX 5.1 DISCOVERED & EXPLOITED BY KINGCOPE JULY 20...
LiteSpeed Source Code Disclosure/Download
This module exploits a source code disclosure/download vulnerability in versions 4.0.14 and prior of LiteSpeed. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LiteSpeed Source Code...
Litespeed Technologies - Web Server Remote Poison Null Byte
Litespeed Technologies Web Server Remote Poison null byte Zero-Day discovered and exploited by Kingcope in June 2010 google gives me over 9million hits Example exploit session: %nc 192.168.2.19 80 HEAD / HTTP/1.0 HTTP/1.0 200 OK Date: Sun, 13 Jun 2010 00:10:38 GMT Server: LiteSpeed . %cat...
Litespeed Technologies - Web Server Remote Poison Null Byte
Litespeed Technologies - Web Server Remote Poison Null Byte Litespeed Technologies Web Server Remote Poison null byte Zero-Day discovered and exploited by Kingcope in June 2010 google gives me over 9million hits Example exploit session: %nc 192.168.2.19 80 HEAD / HTTP/1.0 HTTP/1.0 200 OK Date: Su...
Litespeed Technologies Web Server Remote Poison null byte Exploit
Exploit for multiple platform in category remote exploits ================================================================= Litespeed Technologies Web Server Remote Poison null byte Exploit ================================================================= Litespeed Technologies Web Server Remote...
MDaemon Mailer Daemon 11.0.1 - Remote File Disclosure
MDaemon Mailer Daemon Version 11.0.1 LATEST Remote File Disclosure Bug Found & Exploited by Kingcope May 2010 The latest version at the time of this advisory is vulnerable to the attack. It seems all files which the SYSTEM account can read can be accessed remotely, even accessing files on SMB shar...
MDaemon Mailer Daemon 11.0.1 - Remote File Disclosure
MDaemon Mailer Daemon 11.0.1 - Remote File Disclosure MDaemon Mailer Daemon Version 11.0.1 LATEST Remote File Disclosure Bug Found & Exploited by Kingcope May 2010 The latest version at the time of this advisory is vulnerable to the attack. It seems all files which the SYSTEM account can read can ...