7258 matches found
Carbanak Attackers Devise Clever New Persistence Trick
Hackers behind the Carbanak criminal gang have devised a clever way to gain persistence on targeted systems to more effectively pull off financially motivated crimes. The technique involves creating a bogus instance of a Microsoft Windows app compatibility feature. On Wednesday, Mandiant, FireEye...
IrfanView 4.44 Denial Of Service
Exploit Title: Irfanview - OtherExtensions Input Overflow Date: 29-04-2017 Software Link: http://download.cnet.com/IrfanView/?part=dl-&subj=dl&tag=button Exploit Author: Dreivan Orprecio Version: Irfanview 4.44 Irfanview is vulnerable to overflow in "OtherExtensions" input field Debugging Machine...
Microsoft Windows 2003 SP2 ERRATICGOPHER SMB Remote Code Execution
!/usr/bin/env python -- coding: utf-8 -- By Victor Portal vportal for educational porpouse only This exploit is the python version of the ErraticGopher exploit probably with some modifications. ErraticGopher exploits a memory corruption seems to be a Heap Overflow in the Windows DCE-RPC Call...
Inject Custom Code Into PE File: InfectPE
Inject Custom Code Into PE File Using this tool you can inject x-code/shellcode into PE file. InjectPE works only with 32-bit executable files. Why you need InjectPE? You can test your security products. Use in a phishing campaign. Learn how PE injection works. …and so on. In the project, there i...
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
!/usr/bin/env python -- coding: utf-8 -- By Victor Portal vportal for educational porpouse only This exploit is the python version of the ErraticGopher exploit probably with some modifications. ErraticGopher exploits a memory corruption seems to be a Heap Overflow in the Windows DCE-RPC Call...
Microsoft Windows 2003 SP2 - ERRATICGOPHER SMB Remote Code Execution
Microsoft Windows 2003 SP2 - ERRATICGOPHER SMB Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- By Victor Portal vportal for educational porpouse only This exploit is the python version of the ErraticGopher exploit probably with some modifications. ErraticGopher exploits a memory...
FIN7 Evolution and the Phishing LNK
FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishin...
Linux/x86 - Egg-hunter Shellcode (18 bytes)
// Description: a 18 bytes egg hunter on contigous memory segments // // You are free to do whatever you want of this shellcode // // @phacktul / global start section .text start: mov eax, start ; we set a valid .text address into eax mov ebx, dword 0x50905091 ; we can avoid an 8 bytes tag in egg...
Linux/x86 - Egg-hunter Shellcode (18 bytes)
Linux/x86 - Egg-hunter Shellcode 18 bytes. Shellcode exploit for Linx86 platform // Description: a 18 bytes egg hunter on contigous memory segments // // You are free to do whatever you want of this shellcode // // @phacktul / global start section .text start: mov eax, start ; we set a valid .tex...
In-depth analysis of the N. S. A. took 5 years of IIS vulnerability-vulnerability warning-the black bar safety net
Source: Xuanwu lab Author: Ke Liu of Tencent’s Xuanwu Lab The 1. Vulnerability description 1.1 exploit description 2017 3 November 27, from South China University of technology the Zhiniang Peng and Chen Wu in GitHub 1 discloses an IIS 6.0 vulnerability exploit code, and specify its may 2016 7...
Writing a libemu/Unicorn Compatability Layer
In this post we are going to take a quick look at what it takes to write a libemu compatibility layer for the Unicorn engine. In the course of this work, we will also import the libemu Win32 environment to run under Unicorn. For a bit of background, libemu is a lightweight x86 emulator written in...
Writing a libemu/Unicorn Compatability Layer
In this post we are going to take a quick look at what it takes to write a libemu compatibility layer for the Unicorn engine. In the course of this work, we will also import the libemu Win32 environment to run under Unicorn. For a bit of background, libemu is a lightweight x86 emulator written in...
VirusChaser 8.0 Buffer Overflow
Exploit Title: Virus Chaser 8.0 - Scanner component, SEH Overflow Date: 14 April 2017 Exploit Author: 0x41Li [email protected] Vendor Homepage: https://www.viruschaser.com/ Software Link: https://www.viruschaser.com/download/VC80b32Setup.zip Tested on: Windows 7 Universal import os from struct...
xRaido 0.95 b '. xrl'local code execution vulnerability-vulnerability warning-the black bar safety net
Author: k0shl reprint please indicate the source: http://whereisk0shl.top Vulnerability description Software download: https://www.exploit-db.com/apps/d4623b69bd1b881fa7e440ca79f44ef2-xradio-setup-0.95b.exe PoC: !/ usr/bin/python windows/messagebox - 590 bytes x86/alphaupper...
VirusChaser 8.0 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Virus Chaser 8.0 - Scanner component, SEH Overflow Date: 14 April 2017 Exploit Author: 0x41Li email protected Vendor Homepage: https://www.viruschaser.com/ Software Link: https://www.viruschaser.com/download/VC80b32Setup.zip...
Linux/x86-64 - execve("/bin/sh") Shellcode (31 bytes)
Linux/x86-64 - execve"/bin/sh" Shellcode 31 bytes. Shellcode exploit for Linx86-64 platform Hi, This time I wanna to submit a shellcode whose length is 31Bytes , It's tested on Linux x86-64 ;=========================================================== ===================== ; The MIT License ; ;...
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes)
Hi, This time I wanna to submit a shellcode whose length is 31Bytes , It's tested on Linux x86-64 ;=========================================================== ===================== ; The MIT License ; ; Copyright c ; ; Permission is hereby granted, free of charge, to any person obtaining a copy ;...
PCMAN FTP Server 2.0.7 MKD Buffer Overflow Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'PCMAN FTP Server Buffer Overflow - MKD Command', 'Description' = %q Th...
PCMAN FTP Server 2.0.7 GET Buffer Overflow
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'PCMAN FTP Server Buffer Overflow - GET Command', 'Description' = %q This module exploits a buffer overflow vulnerability found ...
IIS6. 0 remote command execution shellcode construct-vulnerability warning-the black bar safety net
Author: Vulntor Date: 2017/03/29 0x00 Preface Yesterday broke the iis6. 0 Vulnerability, CVE-2017-7269 of the poc so many web Dog miserable. As a web dog, I also naive to think that a calculator will pop-up, in fact, the process already appeared to calc. exe process, but it does not appear the...