Linux - Reverse Shell Shellcode (66 bytes)

Linux - Reverse Shell Shellcode 66 bytes. Shellcode exploit for Linux platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the...

CVE-2016-9353

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use...

Hardcoded credentials

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use...

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors...

Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes)

Reverse TCP Staged Alphanumeric Shellcode Linux x86 Execve /bin/sh Author: Snir Levi, Applitects 103 Bytes date: 9.2.17 Automatic python shellcode handler with stage preset send will be ready soon: https://github.com/snir-levi/ReverseTCPAlphanumericStagedShellcodeExecve-bin-bash/ IP - 127.0.0.1...

Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes)

Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode 103 bytes. Shellcode exploit for Linx86 platform Reverse TCP Staged Alphanumeric Shellcode Linux x86 Execve /bin/sh Author: Snir Levi, Applitects 103 Bytes date: 9.2.17 Automatic python shellcode handler with stage preset send will be ready...

Go Time #32 - Hellogopher, whosthere?

I joined Erik St. Martin, Carlisia Pinto and Brian Ketelsen for episode 32 of the Go Time podcast to chat about Hellogopher, whosthere whoami.filippo.io, $GOPATH, TLS 1.3, Cloudflare's secret reverse proxy, and more. Go Time 32 — Hellogopher, whosthere? with Filippo Valsorda hellogopher — "just...

Reverse Engineering Communication Protocols: Netzob

Reverse Engineering Communication Protocols Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be...

Android Meterpreter Shell, Reverse HTTPS Inline

Connect back to attacker and spawn a Meterpreter shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::TransportConfig include Msf::Payload::Single...

Jenkins-LDAP (CVE-2016-9299) deserialization vulnerability analysis-vulnerability warning-the black bar safety net

Source: gone with the wind's Blog Author: iswin This vulnerability in the last 11 month of official release announcement when I was concerned too, when he was looking for com. sun. jndi. ldap. LdapAttribute this class related to the deserialization was aware of this category inside the...

CUPS 2.0.3 - Remote Command Execution Exploit

Exploit for linux platform in category remote exploits !/usr/bin/python Exploit Title: CUPS Reference Count Over Decrement Remote Code Execution Google Dork: n/a Date: 2/2/17 Exploit Author: @0x00string Vendor Homepage: cups.org Software Link:...

Linux - Multi/Dual mode Reverse Shell Shellcode (129 bytes)

Linux - Multi/Dual mode Reverse Shell Shellcode 129 bytes. Shellcode exploit for Linux platform / Copyright © 2017 Odzhan. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1...

Linux/x86 - Multi/Dual mode Reverse Shell Shellcode (129 bytes)

/ Copyright © 2017 Odzhan. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the...

Nicolas Brulez on Malware Reverse Engineering Tips and Tricks

Kaspersky Lab Principal Security Researcher Nico Brulez talks with Ryan Naraine about his upcoming SAS 2017 training on the ins and outs of malware reverse engineering and how attendees can benefit for a wide range of tips and tricks. Download:...

AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...

WinAxePlus-8.7

WinAxe server is prone to a remote buffer overflow that could allow a malicious suer to execute arbitrary code in the context of the affected application. The exploit has been tested in Windows platforms and currently there is no fix or patch available for this program. Exploit Title: WinaXe Plus...

Reverse IP Lookup Tool: RevIP

Reverse IP Lookup Tool: RevIP ReverseIP or RevIP is a ruby-based reverse IP-lookup tool, which finds all domains hosted on a web server and returns the HTTP status code of those domains. Installation You can “install” RevIP by simply adding an alias in your /.bashrc after cloning the git reposito...

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers: GEF

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provides additional features to GDB usi...

WordPress Exploit Framework

WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Requirements Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command...

WinaXe Plus 8.7 Buffer Overflow

Exploit Title: WinaXe Plus 8.7 - lpr remote buffer overflow Date: 2017-01-16 Exploit Author: Peter Baris Exploit link: http://www.saptech-erp.com.au/resources/winaxelpr.zip Software Link: http://www.labf.com/download/winaxep-ok.html Version: 8.7 Tested on: Windows Server 2008 R2 x64, Windows 7 SP...