MS Windows 2000/XP Workstation Service Overflow (MS03-049)

No description provided by source. / Proof of concept for MS03-049. This code was tested on a Win2K SP4 with FAT32 file system, and is supposed to work only with that it will probably crash the the other 2Ks, no clue about XPs. To be compiled with lcc-win32 hint link mpr.lib ... I will not improv...

MS Windows 2000/XP Workstation Service Overflow (MS03-049)

Exploit for unknown platform in category remote exploits ========================================================== MS Windows 2000/XP Workstation Service Overflow MS03-049 ========================================================== / Proof of concept for MS03-049. This code was tested on a Win2K...

Microsoft Windows XP/2000 - Workstation Service Overflow (MS03-049)

/ Proof of concept for MS03-049. This code was tested on a Win2K SP4 with FAT32 file system, and is supposed to work only with that it will probably crash the the other 2Ks, no clue about XPs. To be compiled with lcc-win32 hint link mpr.lib ... I will not improve this public version, do not bothe...

Microsoft Windows XP2000 - Workstation Service Overflow (MS03-049)

Microsoft Windows XP2000 - Workstation Service Overflow MS03-049 / Proof of concept for MS03-049. This code was tested on a Win2K SP4 with FAT32 file system, and is supposed to work only with that it will probably crash the the other 2Ks, no clue about XPs. To be compiled with lcc-win32 hint link...

Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (2)

Wireless Tools 26 IWConfig - ARGV Local Command Line Buffer Overflow 2 // source: https://www.securityfocus.com/bid/8901/info A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. ...

shatterCommCtrl.txt

Intro ----- Brett Moore from Security Assesment put me onto this one. XP's Visual Styles, the feature that makes various controls in Windows XP look a less dated, also introduce a new shatter type vulnerability into the OS. Vuln ------- Applications which have the new XPified appearance use...

Solaris Runtime Linker (ld.so.1) Buffer Overflow Exploit (SPARC version)

Exploit for solaris platform in category local exploits ======================================================================== Solaris Runtime Linker ld.so.1 Buffer Overflow Exploit SPARC version ======================================================================== / ld.so.1 exploit SPARC...

Solaris Runtime Linker (SPARC) - ld.so.1 Local Buffer Overflow

Solaris Runtime Linker SPARC - ld.so.1 Local Buffer Overflow / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard...

Solaris Runtime Linker (SPARC) - 'ld.so.1' Local Buffer Overflow

/ ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into libc scenario is that at the time tha...

Shatter XP

Intro ----- Brett Moore from Security Assesment put me onto this one. XP's Visual Styles, the feature that makes various controls in Windows XP look a less dated, also introduce a new shatter type vulnerability into the OS. Vuln ------- Applications which have the new XPified appearance use...

mIRC 6.1 - IRC Protocol Remote Buffer Overflow

mIRC 6.1 - IRC Protocol Remote Buffer Overflow / remote mirc 998 chars to someone on IRC is simply NOT done : Then I remember the iframe-irc:// flaw found by uuuppzz 2 This exploit will write an malicious HTML file containing an iframe executing the irc:// address. So you can give this to anyone ...

mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow

/ remote mirc 998 chars to someone on IRC is simply NOT done : Then I remember the iframe-irc:// flaw found by uuuppzz 2 This exploit will write an malicious HTML file containing an iframe executing the irc:// address. So you can give this to anyone on IRC for example ; The shellcode included doe...

Microsoft Windows - DCOM RPC2 Universal Shellcode

MS Windows DCOM RPC2 Universal Shellcode. Shellcode exploit for win32 platform ; Segment type: Pure code ;seg000 segment byte public 'CODE' use32 ; assume cs:seg000 ; assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing .386 assume cs:seg000 var29C = byte ptr -29Ch var28C = byte ptr...

MS Windows (DCOM RPC2) Universal Shellcode

Exploit for win32 platform in category shellcode ========================================== MS Windows DCOM RPC2 Universal Shellcode ========================================== ; Segment type: Pure code ;seg000 segment byte public 'CODE' use32 ; assume cs:seg000 ; assume es:nothing, ss:nothing,...

shatterSEH3.txt

============================================================================ = Shattering SEH III = = [email protected] = http://www.security-assessment.com = = Originally posted: September 29, 2003 ============================================================================ ==...

GNU CFEngine 2.-2.0.3 - Remote Stack Overflow

GNU CFEngine 2.-2.0.3 - Remote Stack Overflow !/usr/bin/perl -s kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003. forking portbind shellcode port=0xb0ef45295 by eSDee bug discovered by nick cleaton, tested on FreeBSD 4.8-RELEASE use IO::Socket; if!$ARGV1 print "usage:...

IBM DB2 Universal Database 7.2 (db2licm) Local Exploit

Exploit for linux platform in category local exploits ====================================================== IBM DB2 Universal Database 7.2 db2licm Local Exploit ====================================================== / Local Exploit for db2licm IBM db2 v 7.1 Linux/x86 vulnerability researched by...

IBM DB2 - Universal Database 7.2 'db2licm' Local Overflow

/ Local Exploit for db2licm IBM db2 v 7.1 Linux/x86 vulnerability researched by Juan Manuel Pascual Escriba pask at uninet.edu / char sc= "\x31\xc0" / begin setuid 0 / "\x31\xdb" "\xb0\x17" "\xcd\x80" "\xeb\x1f" "\x5e" "\x89\x76\x08" "\x31\xc0" "\x88\x46\x07" "\x89\x46\x0c" "\xb0\x0b" "\x89\xf3"...

IBM DB2 - Universal Database 7.2 db2licm Local Overflow

IBM DB2 - Universal Database 7.2 db2licm Local Overflow / Local Exploit for db2licm IBM db2 v 7.1 Linux/x86 vulnerability researched by Juan Manuel Pascual Escriba pask at uninet.edu / char sc= "\x31\xc0" / begin setuid 0 / "\x31\xdb" "\xb0\x17" "\xcd\x80" "\xeb\x1f" "\x5e" "\x89\x76\x08"...

GNU CFEngine 2.-2.0.3 - Remote Stack Overflow

!/usr/bin/perl -s kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003. forking portbind shellcode port=0xb0ef45295 by eSDee bug discovered by nick cleaton, tested on FreeBSD 4.8-RELEASE use IO::Socket; if!$ARGV1 print "usage: ./DSR-cfengine.pl default cfengine is 5308\n"; exit-1;...