Allwin WinExec add new local administrator + ExitProcess Shellcode
No description provided by source. / Title: Allwin WinExec add new local administrator + ExitProcess Shellcode - 272 bytes Date: 2011-05-25 Author: RubberDuck Web: http://bflow.security-portal.cz Tested on: Win 2k, Win 2003, Win XP Home SP2/SP3 CZ/ENG 32, Win Vista 32/64, Win 7 32/64, Win 2k8 32 ...
DNS Reverse Download and Exec Shellcode
DNS Reverse Download and Exec Shellcode. Shellcode exploit for windows platform Shellcode: download and execute file via reverse DNS channel Features: Windows 7 tested UAC without work svchost.exe makes requests via getaddrinfo Firewall/Router/Nat/Proxy bypass reverse connection like dnscat do, b...
Allwin WinExec add new local administrator + ExitProcess Shellcode
/ Title: Allwin WinExec add new local administrator + ExitProcess Shellcode - 272 bytes Date: 2011-05-25 Author: RubberDuck Web: http://bflow.security-portal.cz Tested on: Win 2k, Win 2003, Win XP Home SP2/SP3 CZ/ENG 32, Win Vista 32/64, Win 7 32/64, Win 2k8 32 -- command: cmd.exe /c net user...
PHP Socket connect() Stack Buffer Overflow
Hi there, This is a quick writeup about some fun with apache based on CVE-2011-1938 that was disclosed yesterday. While the first POC was literally just a trivial POC - the second one was written for self-educational purposes we learned quite a lot which is the most important thing and we hope it...
Allwin WinExec add new local administrator + ExitProcess Shellcode
Allwin WinExec add new local administrator + ExitProcess Shellcode. Shellcode exploit for windows platform / Title: Allwin WinExec add new local administrator + ExitProcess Shellcode - 279 bytes Date: 2011-05-25 Author: RubberDuck Web: http://bflow.security-portal.cz Tested on: Win 2k, Win 2003,...
PHP 5.3.5 - socket_connect() Local Buffer Overflow
PHP 5.3.5 - socket_connect() Local Buffer Overflow...
Inside a Malicious PDF Attack
PDFs are a widely used business file format, which makes them a common target for malware attacks. On the surface, PDFs are secure, but because they have so many “features,” hackers have learned how to hide attacks deep under the surface. By using a number of utilities, we are able to reverse...
Exploit writing tutorial part 2 - Jumping to shellcode [RUS by pleaZ]
Author: Peter Van Eeckhoutte corelanc0d3r Translation: peaz 5/2011 In the previous part of the tutorial, Part 1: Stack Based Overflows, I explained the basics of using information about a discovered vulnerability to build your own exploit. In the example from the previous part, we saw that ESP pointed to...
Linux Execute Command
Execute an arbitrary command or just a /bin/sh shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 44 include Msf::Payload::Single include Msf::Payload::Linux::X64::Prepends def...
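AVS Ringtone Maker '.au' File Buffer Overflow Vulnerability
Bugtraq ID: 47851 AVS Ringtone Maker lets users create custom ringtones. AVS Ringtone Maker does not handle '.au' files correctly; an attacker can craft a malicious file and trick a user into parsing it to trigger a buffer overflow, and successful exploitation allows arbitrary code execution in the security context of the application. Online Media Technologies Ltd AVS Ringtone Maker 1.6.1 Vendor solution: no detailed solution is currently available: http://www.avs4you.com/AVS-Ringtone-Maker.aspx !/usr/bin/perl system"cls"; sub logo print q'...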
SpongeBob SquarePants Typing - Local Buffer Overflow (SEH)
SpongeBob SquarePants Typing - Local Buffer Overflow SEH SEH overwrite exploit for SpongeBob SquarePants Typing from The Learning Company http://goo.gl/1EHaD Date: May 4th 2011 Author: Infant Overflow Fresh out the womb laying the smack down on SpongeBob I like my...
SpongeBob SquarePants Typing Buffer Overflow (SEH)
Exploit for windows platform in category local exploits SEH overwrite exploit for SpongeBob SquarePants Typing from The Learning Company http://goo.gl/1EHaD Date: May 4th 2011 Author: Infant Overflow Fresh out the womb laying the smack down on SpongeBob I like my...
linux/x86 Command Exec (reboot) Shellcode - 37 Bytes
Exploit database separated by exploit type (local, remote, DoS, etc.) + Site : 1337day.com + Support e-mail :...
BSDi/x86 - BindShell on 31337 port - Shellcode 117 Bytes
win32/xp sp3 Command Execution exploit/shellcode - 44 Bytes + CMD
win32/xp sp3 Alphanumeric Shutdown 18s - Shellcode - 534 Bytes
Sonique 1.96 .m3u Buffer Overflow
Exploit for windows platform in category local exploits Application: Sonique BOF EIP Overwrite Version: 1.96 Author: Securityxxxpert Date Submitted: May 17, 2011 Download Link: http://www.tucows.com/preview/193562 Tested on: Windows XP SP3 EIP Overwritten: 239 Bytes Pita Bytes: 0x00 0x83 0x88 0x9...
Sonique 1.96 - .m3u Local Buffer Overflow
Sonique 1.96 - .m3u Local Buffer Overflow Application: Sonique BOF EIP Overwrite Version: 1.96 Author: Securityxxxpert Date Submitted: May 17, 2011 Download Link: http://www.tucows.com/preview/193562 Tested on: Windows XP SP3 EIP Overwritten: 239 Bytes Pita Bytes: 0x00 0x83 0x88 0x93 Notes: Not...
Sonique 1.96 - '.m3u' Local Buffer Overflow
Application: Sonique BOF EIP Overwrite Version: 1.96 Author: Securityxxxpert Date Submitted: May 17, 2011 Download Link: http://www.tucows.com/preview/193562 Tested on: Windows XP SP3 EIP Overwritten: 239 Bytes Pita Bytes: 0x00 0x83 0x88 0x93 Notes: Not universal, find your own offsets if not SP3...
AVS Ringtone Maker 1.6.1 - SEH Overflow Exploit
Exploit for windows platform in category local exploits ...