7259 matches found
AutoCAD DWG and DXF To PDF Converter 2.2 - Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: AutoCAD DWG and DXF To PDF Converter v2.2 Buffer Overflow Date: 9-5-2015 Software Link: http://www.verypdf.com/autocad-dwg-dxf-to-pdf/dwgdxftopdfsetup.exe Exploit Author: Robbie Corley Contact: email protected Website: CVE:...
linux/x86 - Create file with permission 7775 and exit - Shell Generator
!/bin/python from sys import argv """ Shellcode Generator... Create file with permission 7775 --------------------------------------------------------------------------------- Disassembly of section .text: 08048060 : 8048060: eb 12 jmp 0x8048074 8048062: 5b pop %ebx 8048063: 31 c0 xor %eax,%eax...
VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: VeryPDF HTML Converter v2.0 SEH/ToLower Bypass Buffer Overflow Date: 9-6-2015 Target tested: Windows 7 x86/x64 Software Link: http://www.verypdf.com/htmltools/winhtmltools.exe Exploit Author: Robbie Corley Contact:...
Bypassing antivirus protection through an overflow vulnerability - vulnerability warning - the black bar safety net
Idea: By writing a program that has an overflow vulnerability and putting the malicious code into the shellcode, the shellcode that executes after the overflow can bypass antivirus protection. Test environment Platform: Windows XP SP3 Compiler: VC 6.0 Test code Construct the following exploit code...
MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit
No description provided by source. % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD = PackDWORD & UnEscape"%...
OS X x64 /bin/sh Shellcode, NULL Byte Free - 34 bytes
Author: Csaba Fitzl, @theevilbit Tested on OS X 10.10.5 OS X x64 /bin/sh shellcode, NULL byte free, 34 bytes Assembly version binsh-shellcode.asm ./nasm -f macho64 binsh-shellcode.asm ld -macosxversionmin 10.7.0 -o binsh-shellcode binsh-shellcode.o...
OS X x64 /bin/sh Shellcode, NULL Byte Free, 34 bytes
OS X x64 /bin/sh Shellcode, NULL Byte Free, 34 bytes. Shellcode exploit for osx platform Author: Csaba Fitzl, @theevilbit Tested on OS X 10.10.5 OS X x64 /bin/sh shellcode, NULL byte free, 34 bytes Assembly version binsh-shellcode.asm ./nasm -f macho64 binsh-shellcode.asm ld -macosxversionmin...
Boxoft WAV to MP3 Converter - convert Local Buffer Overflow
Boxoft WAV to MP3 Converter - convert Local Buffer Overflow Exploit Title: Boxoft wav to mp3 converter SEH bypass technique tested on Win7x64 Date: 8-31-2015 Software Link: http://www.boxoft.com/wav-to-mp3/ Exploit Author: Robbie Corley Contact: [email protected] Website: Target: Windows 7...
Boxoft WAV To MP3 Converter Buffer Overflow
Exploit Title: Boxoft wav to mp3 converter SEH bypass technique tested on Win7x64 Date: 8-31-2015 Software Link: http://www.boxoft.com/wav-to-mp3/ Exploit Author: Robbie Corley Contact: [email protected] Website: Target: Windows 7 Enterprise x64 CVE: Category: Local Exploit Description: A...
Boxoft WAV to MP3 Converter - convert Feature Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: Boxoft wav to mp3 converter SEH bypass technique tested on Win7x64 Date: 8-31-2015 Software Link: http://www.boxoft.com/wav-to-mp3/ Exploit Author: Robbie Corley Contact: email protected Website: Target: Windows 7 Enterprise x...
PFTP Server 8.0f Buffer Overflow
Exploit Title: PFTP Server 8.0f lite SEH bypass technique tested on Win7x64 Date: 8-29-2015 Software Link: http://www.heise.de/download/the-personal-ftp-server-78679a5e8458e9faa7c5564617bdd4c4-1440883445-267104.html Exploit Author: Robbie Corley Contact: [email protected] Website: CVE:...
Boxoft WAV to MP3 Converter - 'convert' Local Buffer Overflow
Exploit Title: Boxoft wav to mp3 converter SEH bypass technique tested on Win7x64 Date: 8-31-2015 Software Link: http://www.boxoft.com/wav-to-mp3/ Exploit Author: Robbie Corley Contact: [email protected] Website: Target: Windows 7 Enterprise x64 CVE: Category: Local Exploit Description: A...
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoin...
ZSNES 1.51 - Local Buffer Overflow
ZSNES 1.51 - Local Buffer Overflow Exploit Author: Juan Sacco - http://www.exploitpack.comp Tested on: GNU/Linux - Kali Linux 2.0 Description: ZSNES v1.51 and prior is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on...
ZSNES 1.51 Stack-Based Buffer Overflow
Exploit Author: Juan Sacco - http://www.exploitpack.comp Tested on: GNU/Linux - Kali Linux 2.0 Description: ZSNES v1.51 and prior is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker could...
Easy File Sharing Web Server 6.9 - USERID Remote Buffer Overflow Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: Easy File Sharing Web Server v6.9 - USERID Remote Buffer Overflow Version: 6.9 Date: 2015-08-22 Author: Tracy Turben email protected Software Link: http://www.efssoft.com/ Tested on: Win7x32-EN,Win7x64-EN...
win2003/x64 - Token Stealing shellcode - 59 bytes
;token stealing shellcode Win 2003 x64 ;based on the widely available x86 version ;syntax for NASM ;Author: Csaba Fitzl, @theevilbit ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;important structures and offsets; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;kd dt -r1 nt!TEB ; +0x110 SystemReserved1 : 54 Ptr64 Void...
Win2003 x64 - Token Stealing shellcode - 59 bytes
Win2003 x64 - Token Stealing shellcode - 59 bytes. Shellcode exploit for win64 platform ;token stealing shellcode Win 2003 x64 ;based on the widely available x86 version ;syntax for NASM ;Author: Csaba Fitzl, @theevilbit ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;important structures and offsets;...
MASM321 11 Quick Editor .qeditor 4.0g - .qse File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)
MASM321 11 Quick Editor .qeditor 4.0g - .qse File Buffer Overflow SEH ASLR + SafeSEH Bypass !/usr/bin/env python Exploit Title: MASM32 quick editor .QSE SEH Based Buffer Overflow ASLR & SAFESEH bypass Date: 2015-08-15 Exploit Author: St0rn Twitter: st0rnpentest Vendor Homepage:...
MASM321 11 Quick Editor '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)
!/usr/bin/env python Exploit Title: MASM32 quick editor .QSE SEH Based Buffer Overflow ASLR & SAFESEH bypass Date: 2015-08-15 Exploit Author: St0rn Twitter: st0rnpentest Vendor Homepage: http://www.masm32.com/ Software Link: http://www.masm32.com/masmdl.htm Version: MASM32 11 qeditor 4.0g Tested...