
7258 matches found

0day.today
added 2018/12/19 12:0 a.m., 41 views

LanSpy 2.0.1.159 - Local Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: LanSpy 2.0.1.159 - Local Buffer Overflow RCEPoC Date: 2018-12-16 Author: Juan...

0.3 AI score
Exploits 0

exploitpack
added 2018/12/19 12:0 a.m., 23 views

PDF Explorer 1.5.66.2 - Buffer Overflow (SEH)

PDF Explorer 1.5.66.2 - Buffer Overflow SEH Exploit Title: PDF Explorer SEH Local Exploit Original Discovery:Gionathan "John" Reale DoS exploit Exploit Author: Achilles Date: 18-12-2018 Vendor Homepage: http://www.rttsoftware.com/ Software Link:...

0.8 AI score
Exploits 0

Packet Storm
added 2018/12/19 12:0 a.m., 34 views

LanSpy 2.0.1.159 Local Buffer Overflow

!/usr/bin/python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: LanSpy 2.0.1.159 - Local Buffer Overflow RCEPoC Date: 2018-12-16 Author: Juan Prescotto Tested Against: Win7 Pro SP1 64 bit Software...

0.4 AI score
Exploits 0

exploitpack
added 2018/12/18 12:0 a.m., 28 views

MiniShare 1.4.1 - HEADPOST Remote Buffer Overflow

MiniShare 1.4.1 - HEADPOST Remote Buffer Overflow Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...

7.5 CVSS, 0.5 AI score, 0.81543 EPSS
Exploits 11

Exploit DB
added 2018/12/18 12:0 a.m., 57 views

MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow

Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length ------------------------------------------------------------------- EAX...

9.8 CVSS, 9.5 AI score, 0.81543 EPSS
Exploits 10

FireEye
added 2018/12/12 12:30 p.m., 14 views

FLARE Script Series: Automating Objective-C Code Analysis with Emulation

This blog post is the next episode in the FireEye Labs Advanced Reverse Engineering (FLARE) team Script Series. Today, we are sharing a new IDAPython library – flare-emu – powered by IDA Pro and the Unicorn emulation framework that provides scriptable emulation features for the x86, x86_64, ARM, and...

6.1 AI score
Exploits 0

0day.today
added 2018/12/12 12:0 a.m., 76 views

Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)

/ Linux/x86-execve/usr/bin/ncat -lvp 1337 -e/bin/bash+NULL-FREE Shellcode95 bytes Author : T3jv1l Contact: email protected Twitter:https://twitter.com/T3jv1l Shellcode len : 119 bytes Compilation: gcc shellcode.c -o shellcode Compilation for x64 : gcc -m32 shellcode.c -o shellcode Tested On: Ubun...

7.4 AI score
Exploits 0

Hacker One
added 2018/12/07 10:20 p.m., 30 views

Valve: Malformed BSP in GoldSrc Engine may cause shellcode injection

Introduction Hello. There's a vulnerability in GoldSrc Engine that allows to run arbitrary assembly code using incorrect BSP format processing. Description The vulnerability is found in the UTILStringToIntArray function. This function belongs to the game mod library mp.dll/cs.so and has the...

1.2 AI score
Exploits 0

0day.today
added 2018/12/04 12:0 a.m., 14 views

Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)

; Exploit Title: /usr/bin/head -n99 cat etc/passwd poly shellcode-571.php ; Exploit Author: Nelis ; Version: 0.2 ; Tested on: Ubuntu 12.10 ; Filename: headpass.nasm ; SLAE-ID: 1327 ; Based on: http://shell-storm.org/shellcode/files/shellcode-571.php ;...

7.4 AI score
Exploits 0

0day.today
added 2018/12/04 12:0 a.m., 46 views

Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)

/ reverse shell tcp 1907 port shellcode C language - Linux/x8664 Author : Kağan Çapar contact: email protected shellcode len : 119 bytes compilation: gcc -fno-stack-protector -z execstack reverse-shell.c -o reverse-shell Test: run your machine: nc -vlp 1907 and run exploit ./reverse-shell check...

0.2 AI score
Exploits 0

myhack58
added 2018/12/02 12:0 a.m., 1247 views

A CVE-2017-11882 vulnerability is a new variation of a sample of the debugging and analysis-vulnerability warning-the black bar safety net

Recently harvested a suffix called doc word document, view the After is actually a rich text format document. In a test environment to open after the discovery of a network connection and executing a program of action, determine the sample is malware document. After a preliminary analysis, found...

9.3 CVSS, 8.6 AI score, 0.94354 EPSS
Exploits 36

Kitploit
added 2018/11/28 12:30 p.m., 61 views

Miasm - Reverse Engineering Framework In Python

Miasm is a free and open source GPLv2 reverse engineering framework. Miasm aims to analyze / modify / generate binary programs. Here is a non exhaustive list of features: Opening / modifying / generating PE / ELF 32 / 64 LE / BE using Elfesteem Assembling / Disassembling X86 / ARM / MIPS / SH4 /...

7.9 AI score
Exploits 0, References 11

Metasploit
added 2018/11/15 12:44 a.m., 49 views

Safari Proxy Object Type Confusion

This module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e....

8.8 CVSS, 8.4 AI score, 0.89897 EPSS
Exploits 12

exploitpack
added 2018/11/13 12:0 a.m., 29 views

XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)

XAMPP Control Panel 3.2.2 - Buffer Overflow SEH Unicode Exploit Title: XAMPP Control Panel 3.2.2 - Buffer Overflow SEH Unicode Exploit Author: Gionathan "John" Reale 0-day DoS exploit, Semen Alexandrovich Lyhin 1-day fully working exploit. Shellcode Author: Giuseppe D'Amore EDB:28996 Date:...

0.8 AI score
Exploits 0

0day.today
added 2018/11/13 12:0 a.m., 146 views

Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode 58 bytes

/ Exploit Title: Linux/x86 - execve /bin/nc -lp99999 -e /bin/bash shellcode 58 bytes Exploit Description: Binds a TCP bash shell at port 99999 using netcat. Note: This shellcode uses netcat-traditional package. Otherwise, it will not work. Date: 04/11/2018 Exploit Author: Javier Tello Version: 1....

0.3 AI score
Exploits 0

0day.today
added 2018/11/11 12:0 a.m., 940 views

Windows/x86 - Messagebox Shellcode 358 bytes

// Exploit Title : win32 Messagebox shellcode 358 bytes // Exploit Author : Febriyanto Nugroho email protected // Tested on : Windows 7 x86 Ultimate include include char shellcode= "\x31\xdb\xb3\x30\x29\xdc\x64\x8b\x03\x8b\x40\x0c\x8b" "\x58\x1c\x8b\x1b\x8b\x1b\x8b\x73\x08\x89\xf7\x89\x3c"...

0.4 AI score
Exploits 0

myhack58
added 2018/11/09 12:0 a.m., 558 views

The use of a posture clear odd 11882 format overflow document analysis-vulnerability warning-the black bar safety net

Prior to inadvertently give a very interesting rtf document, the sandbox where the behavior of a pile, the document itself and confuse the very clear odd, so spend a little time to analyze this sample. Substantially clear the sample of the attack techniques and attack the chain, the open part of...

9.3 CVSS, 0.2 AI score, 0.94354 EPSS
Exploits 33

Packet Storm
added 2018/11/05 12:0 a.m., 299 views

PCManFTPD 2.0.7 Server APPE Command Buffer Overflow

!/usr/bin/python Exploit Title: PCManFTPD 2.0.7 Server APPE Command - Buffer Overflow Exploit Date: 30/10/2018 Exploit Author: DC - Telspace Systems Vendor Homepage: http://pcman.openfoundry.org/ Contact: [email protected] Version: 2.0.7 Tested on: Windows XP Prof SP3 ENG x86 CVE:...

0.6 AI score, 0.02576 EPSS
Exploits 2

0day.today
added 2018/11/05 12:0 a.m., 189 views

Morris Worm fingerd Stack Buffer Overflow Exploit

This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. This module requires Metasploit: https://metasploit.com/download Current source:...

0.4 AI score
Exploits 0

Kitploit
added 2018/11/04 1:31 p.m., 121 views

BlobRunner - Quickly Debug Shellcode Extracted During Malware Analysis

BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. BlobRunner allocates memory for the target file and jumps to the base or offset of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort. To...

7.3 AI score
Exploits 0, References 3