linux/x86 read(0,buf,2541); chmod(buf,4755); 23 bytes
/ readnchmod-core.c by Charles Stevenson [email protected] Example of strace output if you pass in /bin/sh\x00 read0, /bin/sh\0, 2541 = 8 chmod/bin/sh, 04755 = 0 Any file path can be given. For example: /tmp/.sneakyguy The only caveat is that the string must be NU...
Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode
/ Title: Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode Date: 2013-22-01 Author: RubberDuck Web: http://bflow.security-portal.cz http://www.security-portal.cz Tested on: Win 2k, Win XP Home SP2/SP3 CZ 32, Win 7 32/64 -- file is downloaded from URL...
linux/x86 upload & exec 189 bytes
UPLOAD & EXEC SHELLCODE 1 converting asm to hex 2 asm code 3 hex output 4 upload function This is an 'upload and exec' shellcode for the x86 platform. File has to be in executable format, cool if you know the distribution of the target, otherwise it is useless...
Linux Kernel 2.6.29 - ptrace_attach() Local Root Race Condition Exploit
/ GNU/Linux kernel 2.6.29 ptraceattach local root race condition exploit. ========================================================================== This is a local root exploit for the 2.6.29 ptraceattach race condition that allows a process to gain elevated...
WinSoftMagic Photo Editor PNG File Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/39354/info WinSoftMagic Photo Editor is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Successful...
Orbital Viewer 1.04 - (.ov) Local Universal Stack Overflow Exploit (SEH)
!usr/bin/perl Pro: Orbital Viewer v1.04 .orb/.ov Local Universal Stack Overflow Exploit SEH Author: CrazyHacker Download: http://www.orbitals.com/orb/setupov.exe Date: 20-6-2010 Tested: WinXp SP2 $junk = 6060; $header = OrbitalFileV1.0\n; $nseh = \xeb\xf9\xff\xf...
AkkyWareHOUSE 7-zip32.dll 4.42 Heap-Based Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/25545/info AkkyWareHOUSE 7-zip32.dll is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. Attackers may be able to execute arbitrary machine code in the...
Linux/x86-64 - execve("/sbin/iptables", ["/sbin/iptables", "-F"], NULL) - 49 bytes
/ Title: Linux/x86-64 - execve/sbin/iptables, /sbin/iptables, -F, NULL - 49 bytes Author: 10n1z3d 10n1z3datwdotcn Date: Fri 09 Jul 2010 03:26:12 PM EEST Source Code NASM: section .text global start start: xor rax, rax push rax push word 0x462d mov rcx, rsp mov...
Xcmail 0.99.6 Vulnerability
source: http://www.securityfocus.com/bid/311/info XCmail is an X11 mail client for linux. Arthur [email protected] discovered an exploitable buffer overflow vulnerability in xcmail. The bug appears when replying to a message with a long subject line, and...
ICONICS Vessel / Gauge / Switch 8.02.140 - ActiveX BOF Exploit (meta)
$Id: iconicsdlgwrapper.rb 1 2008-09-21 22:43:00Z kf $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
execve of /bin/sh after setreuid(0,0)
/ $Id: execve-setreuid.c,v 1.1 2001/05/02 18:10:52 raptor Exp $ execve-setreuid.c v1.0 - shellcode for Linux/i386 Copyright c 2001 Raptor [email protected] This shellcode does an execve of /bin/sh after a setreuid0, 0, then exits. / / ASM Code ; setreuid0...
Minishare 1.5.5 - Buffer Overflow Vulnerability (users.txt)
Exploit Title: Minishare 1.5.5 Buffer Overflow Vulnerability users.txt Date: 11/02/2010 Author: Chris Gabriel Software Link: http://sourceforge.net/projects/minishare Version: 1.4.0 - 1.5.5 Tested on: Windows XP SP3 EN CVE: MessageBoxA TITLE=HAX TEXT=HAX WIN XP...
Realtek Audio Microphone Calibration 1.1.1.6 Exploit
done by BraniX [email protected] www.hackers.org.pl found: 2010.08.24 tested on: Windows XP SP3 Home Edition App. has classic buffer overflow vulnerability it can be triggered by passing too long argument as a startup parameter. Shellcode can by run via...
RSP MP3 Player OCX 3.2 ActiveX Buffer Overflow
html object classid='clsid:3C88113F-8CEC-48DC-A0E5-983EF9458687' id='target'/object script language='vbscript' ' Exploit Title: RSP MP3 Player OCX 3.2 ActiveX Buffer Overflow ' Date: July 9, 2010 ' Author: Blake ' Software Link:...
Safari JS JITed shellcode - exec calc (ASLR/DEP bypass)
!-- JIT-SPRAY for Safari 4.0.5 - 5.0.0 JavaScript JIT SHELLCODE and spray for ASLR / DEP bypass Win x32 By Alexey Sintsov from Digital Security Research Group Special for Hack In The Box 2010 Amsterdam PAYLOAD - exec calc Tested on Windows7 and Windows XP. Sorry...
Freefloat FTP Server Buffer Overflow Vulnerability 0day
Exploit Title: Freefloat FTP Server Buffer Overflow Vulnerability Date: 12/05/2010 Author: 0v3r Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Tested on: Windows XP SP3 EN CVE: N/A !/usr/bin/python import socket import sys def usage: pri...
CoolPlayer 2.18 - M3U Playlist Buffer Overflow Exploit
!/usr/bin/perl Versions affected: 2.18 Tested on: Windows XP Pro SP2 Author: data$hack Usage: expl.pl my $file= exs3.m3u; my $junk= A x 223; my $eip = pack'V',0x7C836940; jmp esp from kernel my $shellcode = \x90 x 10; $shellcode = $shellcode...
TORCS 1.3.1 acc Buffer Overflow
/ Exploit Title: TORCS acc Buffer Overflow Date: 20/12/2011 Author: Andres Gomez Software Link: http://torcs.sourceforge.net/ Version: torcs 1.3.1 Tested on: Windows CVE : / / This exploit generates a corrupted acc file which has to be saved in the directories...
OSX/Intel reverse_tcp shell x86_64 - 131 bytes
;osx x64 reverse tcp shellcode 131 bytes ;Jacob Hammack ;[email protected] ;http://www.hammackj.com ; ;props to http://www.thexploit.com/ for the blog posts on x64 osx asm ;I borrowed some of his code ; ;OSX reverse tcp shell 131 bytes ;replace FFFFFFFF...
Subtitle Processor 7.7.1 .M3U SEH Unicode Buffer Overflow
$Id: subtitleprocessorm3ubof.rb 12461 2011-04-28 08:12:32Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...