Cisco IOS - Remote Code Execution

Cisco IOS - Remote Code Execution !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service disclosed by Cisco...

Cisco IOS - Remote Code Execution

!/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service disclosed by Cisco Systems on June 29th 2017 - Descriptio...

Debugging Complex Malware that Executes Code on the Heap

Introduction In this blog, I will share a simple debugging tactic for creating “save points” during iterative remote debugging of complex multi-stage samples that execute code in heap memory at non-deterministic addresses. I’ll share two examples: one contrived, and the other a complex, modular...

Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)

Linux/x86 - chmod 777 /etc/sudoers Shellcode 36 bytes. Shellcode exploit for Linuxx86 platform / Description ; Title : chmod 777 /etc/sudoers - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : chmod /etc/sudoers permissio...

PT-2018-19371

Name of the Vulnerable Software and Affected Versions SC version 7.16 Description A stack-based buffer overflow allows local attackers to execute arbitrary code by providing oversized input that exceeds buffer boundaries. By crafting malicious input strings larger than 1052 bytes, an attacker can...

Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)

Linux/x64 - Custom Encoded XOR + Polymorphic + execve/bin/sh Shellcode Generator. Shellcode exploit for Generator platform !/usr/bin/python from random import randint encoded = "" encoded2 = "" badchars = 0x00 shellcode = "\x90" +...

Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode

Linux/x64 - Custom Encoded XOR + execve/bin/sh Shellcode. Shellcode exploit for Linuxx86-64 platform global start section .text start: jmp findaddress ; jmp short by default decoder: ; Get the address of the string pop rdi push rdi pop rbx ; get the first byte and bruteforce till you get the toke...

MS-Word Payload Delivery: Macro Creator

Invoke-MacroCreator is a powershell Cmdlet that allows for the creation of an MS-Word document embedding a VBA macro with various payload delivery and execution capabilities. Description Basically the script supports three types of payload that you MUST specify using the -t argument: 1. shellcode...

LabF nfsAxe FTP Client 3.7 - Remote Buffer Overflow (DEP Bypass)

LabF nfsAxe FTP Client 3.7 - Remote Buffer Overflow DEP Bypass !/usr/bin/env python Exploit Title : LabF nfsAxe 3.7 FTP Client DEP Bypass Date : 12/8/2017 Exploit Author : wetw0rk Vendor Homepage : http://www.labf.com/nfsaxe/nfs-server.html Software link : http://www.labf.com/download/nfsaxe.exe...

LabF nfsAxe FTP Client 3.7 Buffer Overflow

!/usr/bin/env python Exploit Title : LabF nfsAxe 3.7 FTP Client DEP Bypass Date : 12/8/2017 Exploit Author : wetw0rk Vendor Homepage : http://www.labf.com/nfsaxe/nfs-server.html Software link : http://www.labf.com/download/nfsaxe.exe Version : 3.7 Tested on : Windows 7 x86 Description : Upon...

LabF nfsAxe FTP Client 3.7 - Remote Buffer Overflow (DEP Bypass)

!/usr/bin/env python Exploit Title : LabF nfsAxe 3.7 FTP Client DEP Bypass Date : 12/8/2017 Exploit Author : wetw0rk Vendor Homepage : http://www.labf.com/nfsaxe/nfs-server.html Software link : http://www.labf.com/download/nfsaxe.exe Version : 3.7 Tested on : Windows 7 x86 Description : Upon...

SocuSoft Co. Photo 2 Video Converter 8.0.0 Code Execution / DoS Exploit

SocuSoft Co. Photo 2 Video Converter Free and Pro variants version 8.0.0 suffer from a buffer overflow in the pdmlog.dll library. ================================================================================= | | | | | | | | | | | |/' | / / / / | ' | /| | ' \ \ / | '| \ \ \ /\ / / | | | \ |/ /...

Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow

Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow Exploit Title: Socusoft Photo 2 Video Converter v8.0.0 Local Buffer Overflow Free and Professional variants Date: 01/12/2017 Exploit Author: Jason Magic ret2eax Vendor Homepage: www.socusoft.com Version: 8.0.0 Tested on: Windows Serve...

Microsoft Windows 10 Creators Update version 1703 - Kernel Local Privilege Escalation Exploit

Microsoft Windows 10 Creators Update version 1703 x86 - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation / EDB Note Source https://gist.github.com/xpn/736daa4d1ff7b9869f4b3d1e9a34d315/ff2e2465d4a07588d0148dc87e77b17b41ef9d1d Source...

Dup Scout Enterprise 10.0.18 - Input Directory Local Buffer Overflow (SEH)

Dup Scout Enterprise 10.0.18 - Input Directory Local Buffer Overflow SEH !/usr/bin/python import struct Exploit Author: Miguel Mendez Z Exploit Title: Dup Scout Enterprise v10.0.18 "Input Directory" Local Buffer Overflow - SEH Unicode Date: 29-11-2017 Software: Dup Scout Enterprise Version:...

Dup Scout Enterprise 10.0.18 - 'Input Directory' Local Buffer Overflow (SEH)

!/usr/bin/python import struct Exploit Author: Miguel Mendez Z Exploit Title: Dup Scout Enterprise v10.0.18 "Input Directory" Local Buffer Overflow - SEH Unicode Date: 29-11-2017 Software: Dup Scout Enterprise Version: v10.0.18 Vendor Homepage: http://www.dupscout.com Software Link:...

ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)

!/usr/bin/python Tested on: Windows 10 Professional x86 Exploit for previous version: https://www.exploit-db.com/exploits/42455/ Seems they haven't patched the vulnerability at all :D msfvenom -p windows/exec CMD="calc.exe" -e x86/unicodemixed BufferRegister=EAX -f python shellcode = "" shellcode...

Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes)

Linux/x64 - Egghunter 0xbeefbeef Shellcode 34 bytes. Shellcode exploit for Linuxx86-64 platform global start section .text start: xor rsi,rsi push rsi ; starts the search at position 0 pop rdi nextpage: or di,0xfff inc rdi next4bytes: push 21 pop rax syscall cmp al,0xf2 jz nextpage mov...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2017-11882 43b The original script comes from https://git...

Excalibur - An Eternalblue exploit payload based Powershell

Excalibur is an Eternalblue exploit based "Powershell" for the Bashbunny project. It's purpose is to reflect on how a "simple" USB drive can execute the 7 cyber kill chain. Excalibur may be used only for demostrations purposes only, and the developers are not responsible to any misuse or illeagal...