Android get_user/put_user Exploit

This Metasploit module exploits a missing check in the getuser and putuser API functions in the linux kernel before 3.5.5. The missing checks on these functions allow an unprivileged user to read and write kernel memory. This exploit first reads the kernel memory to identify the commitcreds and...

Mobile Application Reverse Engineering: MARA

Mobile Application Reverse engineering and Analysis Framework MARA is a M obile A pplication R everse engineering and A nalysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task or reverse engineering and analysis easi...

Pornhub: Unsecured DB instance

The researcher identified vulnerable OrientDB server instances on our infrastructure. The DB servers were found to be vulnerable to script based remote code execution leading to privilege escalation. Two servers running OrientDB were identified, with default login/password combinations. Upon...

Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes)

/ ;author: Filippo "zinzloun" Bersani ;date: 05/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic 147precise1-Ubuntu 32bit ; Linux bb32 4.4.0-45-generic 32bit ; description: get a reverse shell executing a shell...

Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes)

Linux/x86 - Netcat -e option disabled Reverse Shell Shellcode 180 bytes. Shellcode exploit for Linx86 platform / ;author: Filippo "zinzloun" Bersani ;date: 05/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic...

Disk Savvy Enterprise 9.1.14 - Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python print "Disk Savvy Enterprise 9.1.14 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM...

Disk Sorter Enterprise 9.1.12 - Login Remote Buffer Overflow

Disk Sorter Enterprise 9.1.12 - Login Remote Buffer Overflow !/usr/bin/python print "Disk Sorter Enterprise 9.1.12 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT...

Disk Sorter Enterprise 9.1.12 - Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python print "Disk Sorter Enterprise 9.1.12 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM...

Disk Pulse Enterprise 9.1.16 Buffer Overflow

!/usr/bin/python print "Disk Pulse Enterprise 9.1.16 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM You do not need to be authenticated, password below is...

Dup Scout Enterprise 9.1.14 - Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python print "Dup Scout Enterprise 9.1.14 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM Y...

Disk Savvy Enterprise 9.1.14 - Login Remote Buffer Overflow

Disk Savvy Enterprise 9.1.14 - Login Remote Buffer Overflow !/usr/bin/python print "Disk Savvy Enterprise 9.1.14 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYST...

Dup Scout Enterprise 9.1.14 Buffer Overflow

!/usr/bin/python print "Dup Scout Enterprise 9.1.14 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM You do not need to be authenticated, password below is...

VX Search Enterprise 9.1.12 - 'Login' Remote Buffer Overflow

!/usr/bin/python print "VX Search Enterprise 9.1.12 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM You do not need to be authenticated, password below is...

Disk Pulse Enterprise 9.1.16 - 'Login' Remote Buffer Overflow

!/usr/bin/python print "Disk Pulse Enterprise 9.1.16 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM You do not need to be authenticated, password below is...

Disk Savvy Enterprise 9.1.14 Buffer Overflow

!/usr/bin/python print "Disk Savvy Enterprise 9.1.14 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM You do not need to be authenticated, password below is...

Disk Sorter Enterprise 9.1.12 Buffer Overflow

!/usr/bin/python print "Disk Sorter Enterprise 9.1.12 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM You do not need to be authenticated, password below is...

Linux/x86 - Egg-hunter Shellcode (31 bytes)

Linux/x86 - Egg-hunter Shellcode 31 bytes. Shellcode exploit for Linx86 platform / ;author: Filippo "zinzloun" Bersani ;date: 28/11/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic 147precise1-Ubuntu 32bit ; Linux...

Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' Payload working status: MIPS: - all valid payloads working the ones that we are able to send without null bytes ARM: - inline rev/bind shell works...

Windows/x64 - Reverse Shell TCP Shellcode (694 bytes)

/ Title : Windows x64 Reverse Shell TCP shellcode size : 694 bytes Author: Roziul Hasan Khan Shifat Date : 10-11-2016 Tested on : Windows 7 x64 Professional Email : email protected / / Disassembly of section .text: 0000000000000000 : 0: 48 31 d2 xor %rdx,%rdx 3: 65 48 8b 42 60 mov %gs:0x60%rdx,%r...

Windows x64 - Reverse Shell TCP Shellcode (694 bytes)

Windows x64 - Reverse Shell TCP Shellcode 694 bytes. Shellcode exploit for Winx86-64 platform / Title : Windows x64 Reverse Shell TCP shellcode size : 694 bytes Author: Roziul Hasan Khan Shifat Date : 10-11-2016 Tested on : Windows 7 x64 Professional Email : [email protected] / / Disassembly of...