Vmware virtual machine escape Vulnerability CVE-2017-4901）Exploit code analysis and use-vulnerability and early warning-the black bar safety net

0×01 event analysis 2017 7 on 19 unamer in its github released a for Vmware virtual machine escape exploit source code, using C++. The alleged impact of Vmware Workstation 12.5.5 the previous version, and gives a demonstration of the process, to achieve a from the virtual machine to the host...

Razer Synapse rzpnk.sys ZwOpenProcess

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/windowskernel' require 'rex' require 'metasm' class MetasploitModule 'Razer Synapse rzpnk.sys ZwOpenProcess', 'Description' = %q A...

Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes)

/ ;Category: Shellcode ;Title: GNU/Linux x8664 - Reverse Shell Shellcode ;Author: m4n3dw0lf ;Github: https://github.com/m4n3dw0lf ;Date: 18/07/2017 ;Architecture: Linux x8664 ;Tested on: 1 SMP Debian 4.9.18-1 2017-03-30 x8664 GNU/Linux Source section .text global start start: push rbp mov rbp,rsp...

Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes)

Linux/x8664 - Reverse Shell 192.168.1.8:4444 Shellcode 104 bytes. Shellcode exploit for Linx86-64 platform / ;Category: Shellcode ;Title: GNU/Linux x8664 - Reverse Shell Shellcode ;Author: m4n3dw0lf ;Github: https://github.com/m4n3dw0lf ;Date: 18/07/2017 ;Architecture: Linux x8664 ;Tested on: 1 S...

WinPayloads: Generate Undetectable Windows Payloads!

PenTestIT RSS Feed An older post of mine - MicroSploit dealt with generating backdoored documents for the Office platform. This post is about another open source framework, called WinPayloads which helps you create custom malicious payloads for the Microsoft Windows operating system. What is...

Razer Synapse rzpnk.sys ZwOpenProcess

A vulnerability exists in the latest version of Razer Synapse v2.20.15.1104 as of the day of disclosure which can be leveraged locally by a malicious application to elevate its privileges to those of NTAUTHORITY\SYSTEM. The vulnerability lies in a specific IOCTL handler in the rzpnk.sys driver th...

Easy File Sharing Web Server 7.2 - GET PassWD Remote Buffer Overflow (DEP Bypass)

Easy File Sharing Web Server 7.2 - GET PassWD Remote Buffer Overflow DEP Bypass !/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 - GET Buffer Overflow DEP Bypass with ROP Date: 8 July 2017 Exploit Author: Sungchul Park Author Contact: [email protected] Vendor Homepage:...

Linux/x86 - Reverse TCP Shellcode (67 bytes)

/ Tiny Shell Reverse TCP Shellcode - C Language Linux/x86 Written in 2013 by Geyslan G. Bem, Hacking bits http://hackingbits.com email protected This source is licensed under the Creative Commons Attribution-ShareAlike 3.0 Brazil License. To view a copy of this license, visit...

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene. On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsa...

Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)

Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow SEH !/usr/bin/python 2017/6/17 Chako EFS Web Server 7.2 - Local Buffer OverflowSEH Tested on: Windows XP SP3 EN DEP Off Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Description:...

Easy File Sharing Web Server 7.2 - GET HTTP Request (PassWD) Buffer Overflow (SEH) Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 - GET HTTP Request PassWD Buffer Overflow SEH Date: 19 June 2017 Exploit Author: clubjk Author Contact: email protected Vendor Homepage: http://www.sharing-file.com Software...

Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)

!/usr/bin/python 2017/6/17 Chako EFS Web Server 7.2 - Local Buffer OverflowSEH Tested on: Windows XP SP3 EN DEP Off Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Description: When importing a large user account file on to EFS Web Server 7.2 will...

Linux/x86 - Bind Shell Shellcode (75 bytes)

Linux/x86 - Bind Shell Shellcode 75 bytes. Shellcode exploit for Linx86 platform / Architecture : x86 OS : Linux Author : wetw0rk ID : SLAE-958 Shellcode Size : 75 bytes Bind Port : 4444 Description : A linux/x86 bind shell via /bin/sh. Created by analysing msfvenom; original payload was 78 bytes...

Linux/x86 - Bind Shell Shellcode (75 bytes)

/ Architecture : x86 OS : Linux Author : wetw0rk ID : SLAE-958 Shellcode Size : 75 bytes Bind Port : 4444 Description : A linux/x86 bind shell via /bin/sh. Created by analysing msfvenom; original payload was 78 bytes and contained 1 NULL. My shellcode is 75 and contains 0 NULLS ;. Original...

Linux/x86 - Reverse UDP Shellcode (668 bytes)

; SLAE-X ; thanks to writesup from previou students : ; assignment: 2. create a reverse shell ; originality: using UDP instead TCP ; usage : sudo ncat -lup 53 on the receiving end ; warning, this shellcode might contains null byte if you use certain ip / address %define htonsx x 8 & 0xFF | x & 0x...

Easy File Sharing 7.2 Buffer Overflow

!/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow DEP Bypass with ROP Exploit Author: bl4ck h4ck3r Software Link: http://www.sharing-file.com/efssetup.exe Version: Easy File Sharing Web Server v7.2 Tested on: Windows XP SP2, Windows 2008 R2 x64 import socke...

VX Search Enterprise 9.7.18 - Local Buffer Overflow

VX Search Enterprise 9.7.18 - Local Buffer Overflow import os import struct author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: VX Search Enterprise v9.7.18 Import Local Buffer Overflow Vuln. Date: 2017.06.15 Exploit Author: Greg Priest Versio...

Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)

;Title: Linux/x86 - 66 byte - execve/bin/sh - setuid0 - setgid0 - XOR encrypted ;Author: nullparasite ;Contact: email protected ;Category: Shellcode ;Architecture: Linux x86 ;Description: This shellcode, first set uid and gid to zero then call shell using execve. Also, /bin/sh defined as a XOR...

Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)

Linux/x86 - XOR encoded execve/bin/sh setuid0 setgid0 Shellcode 66 bytes. Shellcode exploit for Linx86 platform ;Title: Linux/x86 - 66 byte - execve/bin/sh - setuid0 - setgid0 - XOR encrypted ;Author: nullparasite ;Contact: [email protected] ;Category: Shellcode ;Architecture: Linux x86...

Linux/x86_64 - execve("/bin/sh") Shellcode (24 bytes)

Linux/x8664 - execve"/bin/sh" Shellcode 24 bytes. Shellcode exploit for Linx86-64 platform / ;Category: Shellcode ;Title: GNU/Linux x8664 - execve /bin/sh ;Author: m4n3dw0lf ;Github: https://github.com/m4n3dw0lf ;Date: 14/06/2017 ;Architecture: Linux x8664 ;Tested on : 1 SMP Debian 4.9.18-1...