7260 matches found
MS11-080 AfdJoinLeaf Privilege Escalation
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
MS11-080 AfdJoinLeaf Privilege Escalation
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
CPE17 Autorun Killer ASCII Buffer Overflow
Exploit Title: CPE17 Autorun Killer - ASCII Buffer Overflow Exploit Date: 01/10/2012 Author: mr.pr0n @pr0n Homepage: http://ghostinthelab.wordpress.com/ Software Link: http://download.thaiware.com/program15/cpe17antiautorun1590.rar Version: v.1.8.6 Build 1590 Tested on: Windows XP SP3...
MS11-080 AfdJoinLeaf Privilege Escalation
This module exploits a flaw in the AfdJoinLeaf function of the afd.sys driver to overwrite data in kernel space. An address within the HalDispatchTable is overwritten and when triggered with a call to NtQueryIntervalProfile will execute shellcode. This module will elevate itself to SYSTEM, then...
OS X x64 say Shellcode
Say an arbitrary string out loud using Mac OS X text2speech This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 53 include Msf::Payload::Single def initialize(info = {}) super(merge_info(info,...
OS X x64 Shell Reverse TCP
Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 128 include Msf::Payload::Single include Msf::Payload::Osx include...
Huawei Internet Mobile Overflow
#!/usr/bin/perl Title : Huawei Technologies - Internet Mobile 0day Unicode SEH Based Vulnerability . Author : Dark-Puzzle Versions : All Versions Are Vulnerable , The behavior of the program when exploiting may vary from an OS to another OS . Vulnerable By Vendor : Morocco - Meditel 3G & Maroc...
linux/x86 - cp /etc/shadow /tmp && chmod 777 /tmp/shadow - 126 bytes
linux/x86 - "man /bin/cat" shellcode 121 bytes
linux/x86 - Nmap Default Router Services Scan - 73 bytes
CAS Modbus RTU Parser Buffer Overflow Exploit
Exploit for windows platform in category local exploits hello, nice to meet u A few day ago, Senator of Pirates published CAS Modbus RTU Parser Buffer Overflow PoC code, so i try to make Exploit Code, This is Exploit Title: CAS Modbus RTU Parser Buffer Overflow Exploit Date: 2012,09,07 Author:...
Internet Download Manager - Local Buffer Overflow (SEH)
Internet Download Manager - Local Buffer Overflow SEH #!/usr/bin/perl I'm Dark-Puzzle From Inj3ct0r TEAM dark-puzzleatliveatfr White Hat Independent Pentester exploit coder/bug...
linux/ARM - chmod("/etc/shadow", 0777) - 41 bytes
/ Title: Linux/ARM - chmod("/etc/shadow", 0777) - 41 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 : 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov r0, pc 805e: 3012 adds r0, 18 8060: 21ff movs r1, 255 ; 0xff 8062: 31ff adds r1, 255 ; 0xff 8064:...
linux/ARM - execve("/bin/sh", [0], [0 vars]) - 30 bytes
/ Title: Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 30 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 : 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov r0, pc 805e: 300a adds r0, 10 8060: 9001 str r0, sp, 4 8062: a901 add r1, sp, 4 8064: 1a92 subs...
Simple Web Server 2.2-rc2 Code Execution
use IO::Socket; Exploit Title: SWS 2.2-rc2 - Remote code execution Egghunting + ASLR bypass Date: 28/8/2012 Special Regards to Mr.pr0n ,Corelan team , immunity u guys are first !!! based on a POC by MR. Pr0n Author: Dhruval [email protected] Tested on Windows 7 32bit NOTE : If exploit is not...
Winlog Lite SCADA HMI system SEH Overwrite Vulnerability
Exploit for windows platform in category dos / poc Vuln Title: Winlog Lite SCADA HMI system SEH 0verwrite Vulnerability Author: FaryadR a.k.a Ciph3r tested on : winXp sp3 and Winlog Lite 2.06.17 Version Twitter : https://twitter.com/faryadR Mail : email protected Website : http://0c0c0c0c.com...
Simple Web Server 2.2-rc2 ASLR Bypass Exploit
Exploit for windows platform in category remote exploits use IO::Socket; Exploit Title: SWS 2.2-rc2 - Remote code execution Egghunting + ASLR bypass Date: 28/8/2012 Special Regards to Mr.pr0n ,Corelan team , immunity u guys are first !!! based on a POC by MR. Pr0n Author: Dhruval email protected...
Simple Web Server 2.2-rc2 - ASLR Bypass
Simple Web Server 2.2-rc2 - ASLR Bypass use IO::Socket; Exploit Title: SWS 2.2-rc2 - Remote code execution Egghunting + ASLR bypass Date: 28/8/2012 Special Regards to Mr.pr0n ,Corelan team , immunity u guys are first !!! based on a POC by MR. Pr0n Author: pole Tested on Windows 7 32bit NOTE : If...
Simple Web Server 2.2-rc2 - ASLR Bypass
use IO::Socket; Exploit Title: SWS 2.2-rc2 - Remote code execution Egghunting + ASLR bypass Date: 28/8/2012 Special Regards to Mr.pr0n ,Corelan team , immunity u guys are first !!! based on a POC by MR. Pr0n Author: pole Tested on Windows 7 32bit NOTE : If exploit is not running properly configur...
Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)
Microsoft Windows Kernel - Intel x64 SYSRET MS12-042 Source: http://packetstormsecurity.org/files/115908/sysret.rar This is proof of concept code that demonstrates the Microsoft Windows kernel Intel/x64 SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will...