15 matches found
binary-exploitation-writeups
Binary Exploitation Writeups A collection of pwn challenges c...
Stack overflow
Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute...
CVE-2014-5439
SniffIt before 0.3.7 contains multiple stack-based buffer overflow vulnerabilities triggered by crafted configuration files, allowing arbitrary code execution (as reported across NVD/OSV/Ubuntu/Debian advisories). The issue bypasses NX/SSP/ASLR protections and is documented in multiple feeds (NVD...
Microsoft Windows 8/2012 R2 x64 EternalBlue Remote Code Execution
!/usr/bin/python from impacket import smb from struct import pack import os import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target system depended on what is overwritten The exploit support only x64 target Tested on: - Windows...
Through the ELF dynamic loading of the structure ROP chain Return-to-dl-resolve-the vulnerability warning-the black bar safety net
Play CTF game stick have know that PWN type of vulnerability topic will generally provide an executable program, and provide program run dynamically link the libc library. By the libc. so you can get the library function of the offset address, combined with the leak GOT the table in the libc...
Microsoft Server Service Relative Path Stack Corruption
No description provided by source. $Id: ms08067netapi.rb 11614 2011-01-21 04:09:48Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
mcrypt 2.5.8 Stack Based Overflow
!/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00"; keymode $file .= "H@CK3D\x00"; sflags $file .= "\xff"; payload...
mcrypt 2.5.8 - Local Stack Overflow
!/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00"; keymode $file .= "H@CK3D\x00"; sflags $file .= "\xff"; payload...
HT Editor 2.0.20 Buffer Overflow
!/usr/bin/perl =head1 TITLE HT Editor 2.0.20 Buffer Overflow ROP PoC =head2 DESCRIPTION Since version 2.0.18, the stack overflow vulnerability has not been corrected, which I assume would make it 0day? I consequently recoded an exploit, as memory addresses have changed. I chose to make it B, SSP...
MS08-067 Microsoft Server Service Relative Path Stack Corruption
This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service along with a dozen others in the same...
Samba SetInformationPolicy AuditEventsInfo Heap Overflow
Exploit for linux platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
Samba SetInformationPolicy AuditEventsInfo Heap Overflow
This module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code...
Wireshark 1.4.4 - DECT Dissector Remote Buffer Overflow
!/usr/bin/env python -- coding: iso-8859-15 -- a = """ \n\t-- CVE: 2011-1591 : Wireshark = 2.5 For any comments, remarks, news, please mail me : ipv at team . net \n""" import sys, struct if sys.versioninfo = 2, 5: from scapy.all import else: from scapy import align def xv: return struct.pack"I",...
Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067) (Metasploit)
$Id: ms08067netapi.rb 11614 2011-01-21 04:09:48Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
ms08-0 6 7 The English system attack code, metasploit plug-in code released-vulnerability warning-the black bar safety net
Metasploit attack platform released the latest ms08-0 6 7 attack plug-ins. Adds an initial exploit for MS08-0 6 7, support for XP SP2/SP3 DEP, 2 0 0 3 SP0/SP2 no-DEP. The current XP system better, via the DEP data protection, but 2 0 0 3 system after an attack often crash. Code only forMetasploit...