5626 matches found
Microsoft Windows 2003 SP2 ERRATICGOPHER SMB Remote Code Execution
#!/usr/bin/env python # -*- coding: utf-8 -*- By Victor Portal vportal for educational purpose only This exploit is the python version of the ErraticGopher exploit probably with some modifications. ErraticGopher exploits a memory corruption (seems to be a Heap Overflow) in the Windows DCE-RPC Call...
Inject Custom Code Into PE File: InfectPE
Inject Custom Code Into PE File Using this tool you can inject x-code/shellcode into PE file. InjectPE works only with 32-bit executable files. Why you need InjectPE? You can test your security products. Use in a phishing campaign. Learn how PE injection works. …and so on. In the project, there i...
Microsoft Windows 2003 SP2 - ERRATICGOPHER SMB Remote Code Execution
Microsoft Windows 2003 SP2 - ERRATICGOPHER SMB Remote Code Execution #!/usr/bin/env python # -*- coding: utf-8 -*- By Victor Portal vportal for educational purpose only This exploit is the python version of the ErraticGopher exploit probably with some modifications. ErraticGopher exploits a memory...
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
#!/usr/bin/env python # -*- coding: utf-8 -*- By Victor Portal vportal for educational purpose only This exploit is the python version of the ErraticGopher exploit probably with some modifications. ErraticGopher exploits a memory corruption (seems to be a Heap Overflow) in the Windows DCE-RPC Call...
FIN7 Evolution and the Phishing LNK
FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishin...
Linux/x86 - Egg-hunter Shellcode (18 bytes)
// Description: a 18 bytes egg hunter on contiguous memory segments // // You are free to do whatever you want of this shellcode // // @phacktul / global start section .text start: mov eax, start ; we set a valid .text address into eax mov ebx, dword 0x50905091 ; we can avoid an 8 bytes tag in egg...
Linux/x86 - Egg-hunter Shellcode (18 bytes)
Linux/x86 - Egg-hunter Shellcode (18 bytes). Shellcode exploit for Linux/x86 platform // Description: a 18 bytes egg hunter on contiguous memory segments // // You are free to do whatever you want of this shellcode // // @phacktul / global start section .text start: mov eax, start ; we set a valid .tex...
In-depth analysis of the N. S. A. took 5 years of IIS vulnerability-vulnerability warning-the black bar safety net
Source: Xuanwu lab Author: Ke Liu of Tencent’s Xuanwu Lab The 1. Vulnerability description 1.1 exploit description 2017 3 November 27, from South China University of technology the Zhiniang Peng and Chen Wu in GitHub 1 discloses an IIS 6.0 vulnerability exploit code, and specify its may 2016 7...
Writing a libemu/Unicorn Compatability Layer
In this post we are going to take a quick look at what it takes to write a libemu compatibility layer for the Unicorn engine. In the course of this work, we will also import the libemu Win32 environment to run under Unicorn. For a bit of background, libemu is a lightweight x86 emulator written in...
VirusChaser 8.0 Buffer Overflow
Exploit Title: Virus Chaser 8.0 - Scanner component, SEH Overflow Date: 14 April 2017 Exploit Author: 0x41Li Vendor Homepage: https://www.viruschaser.com/ Software Link: https://www.viruschaser.com/download/VC80b32Setup.zip Tested on: Windows 7 Universal import os from struct...
xRadio 0.95b '.xrl' local code execution vulnerability - vulnerability warning - the black bar safety net
Author: k0shl reprint please indicate the source: http://whereisk0shl.top Vulnerability description Software download: https://www.exploit-db.com/apps/d4623b69bd1b881fa7e440ca79f44ef2-xradio-setup-0.95b.exe PoC: !/ usr/bin/python windows/messagebox - 590 bytes x86/alphaupper...
VirusChaser 8.0 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Virus Chaser 8.0 - Scanner component, SEH Overflow Date: 14 April 2017 Exploit Author: 0x41Li Vendor Homepage: https://www.viruschaser.com/ Software Link: https://www.viruschaser.com/download/VC80b32Setup.zip...
PCMAN FTP Server 2.0.7 GET Buffer Overflow
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'PCMAN FTP Server Buffer Overflow - GET Command', 'Description' = %q This module exploits a buffer overflow vulnerability found ...
Linux/x86-64 - execve("/bin/sh") Shellcode (31 bytes)
Linux/x86-64 - execve("/bin/sh") Shellcode (31 bytes). Shellcode exploit for Linux/x86-64 platform Hi, This time I wanna to submit a shellcode whose length is 31 bytes, it's tested on Linux x86-64 ;=========================================================== ===================== ; The MIT License ; ;...
PCMAN FTP Server 2.0.7 MKD Buffer Overflow Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'PCMAN FTP Server Buffer Overflow - MKD Command', 'Description' = %q Th...
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes)
Hi, This time I wanna to submit a shellcode whose length is 31 bytes, it's tested on Linux x86-64 ;=========================================================== ===================== ; The MIT License ; ; Copyright c ; ; Permission is hereby granted, free of charge, to any person obtaining a copy ;...
Windows 10 x64 - Egghunter Shellcode (45 bytes)
Windows 10 x64 - Egghunter Shellcode (45 bytes). Shellcode exploit for Windows x86-64 platform PUBLIC Win10egghunterx64 .code Win10egghunterx64 PROC start: push 7fh pop rdi ; RDI is nonvolatile, so it will be preserved after syscalls setup: inc rdi ; parameter 1 - lpAddress - counter mov r9b,40h ;...
Windows 10 x64 - Egghunter Shellcode (45 bytes)
PUBLIC Win10egghunterx64 .code Win10egghunterx64 PROC start: push 7fh pop rdi ; RDI is nonvolatile, so it will be preserved after syscalls setup: inc rdi ; parameter 1 - lpAddress - counter mov r9b,40h ; parameter 3 - flNewProtect - 0x40 PAGEEXECUTEREADWRITE pop rsi ; Stack alignment before the...
CVE-2017-7269 IIS 6.0 remote code execution vulnerability analysis and exploit - vulnerability warning - the black bar safety net
Author: k0shl. If you reprint, please credit the source; author's blog: http://whereisk0shl.top Preface: CVE-2017-7269 is a stack overflow vulnerability in IIS 6.0. When IIS 6.0 processes the PROPFIND command, the length of the URL is not effectively controlled and...