Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

/ raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...

Linux/x86-64 - Delete File Shellcode (28 bytes)

;Title: Linux/x8664 - delete ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 28 bytes This shellcode deletes file declared in "fname" ==================ASSEMBLY ======================================== global start section .text start: jmp short file delete: push 87...

JetAudio jetCast Server 2.0 Buffer Overflow

Title: JetAudio jetCast Server 2.0 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 13th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: http://www.jetaudio.com/ Software Link:...

JetAudio jetCast Server 2.0 - 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow

Title: JetAudio jetCast Server 2.0 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 13th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: http://www.jetaudio.com/ Software Link:...

Exploit for Use After Free in Microsoft

CVE-2019-0708 PoC ===========...

Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)

Title: Linux/x86 - /sbin/iptables -F Shellcode 43 bytes Author: Xavi Beltran Contact: email protected Webpage: https://xavibel.com Purpose: flush iptables rules Tested On: Ubuntu 3.5.0-17-generic Arch: x86 Size: 43 bytes iptables-flush.nasm global start section .text start: xor eax, eax push eax...

Chrome 72.0.3626.119 FileReader Use-After-Free Exploit

This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling...

Chrome 72.0.3626.119 FileReader Use-After-Free

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86', 'Description' = %q This exploit takes advantage of a use after free vulnerability...

Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86', 'Description' = %q This exploit takes advantage of a use after free vulnerability...

Admin Express 1.2.5.485 - Folder Path Local SEH Alphanumeric Encoded Buffer Overflow

Admin Express 1.2.5.485 - Folder Path Local SEH Alphanumeric Encoded Buffer Overflow Title: Admin Express v1.2.5.485 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 6th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage:...

Admin Express 1.2.5.485 Buffer Overflow

Title: Admin Express v1.2.5.485 Folder Path Local SEH Alphanumeric Encoded Buffer Overflow Date: May 6th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: https://admin-express.en.softonic.com/ Software Link: https://admin-express.en.softonic.com/download Version...

Linux/x86 - execve /bin/sh Shellcode (20 bytes)

/ Linux/x86 - execve /bin/sh shellcode 20 bytes Author: Rajvardhan Tested on: i686 GNU/Linux Shellcode Length: 20 Disassembly of section .text: 08049000 : 8049000: 31 c9 xor %ecx,%ecx 8049002: 6a 0b push $0xb 8049004: 58 pop %eax 8049005: 51 push %ecx 8049006: 68 2f 2f 73 68 push $0x68732f2f...

Admin Express 1.2.5.485 - 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow

Title: Admin Express v1.2.5.485 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 6th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: https://admin-express.en.softonic.com/ Software Link: https://admin-express.en.softonic.com/download Version...

Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86

This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling...

Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)

Xitami Web Server 2.5 - Remote Buffer Overflow SEH + Egghunter Exploit Title: Xitami Web Server 2.5 Remote Buffer Overflow SEH + Egghunter Date: May 4, 2019 Author: ElSoufiane Version: 2.5b4 Tested on: Windows Vista Ultimate Build 6000 and Windows XP SP3 Professional Discovered by: Krystian...

Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter) Exploit

Exploit Title: Xitami Web Server 2.5 Remote Buffer Overflow SEH + Egghunter Author: ElSoufiane Version: 2.5b4 Tested on: Windows Vista Ultimate Build 6000 and Windows XP SP3 Professional Discovered by: Krystian Kloskowski Set up a multi handler listener in MSFConsole then run exploit...

Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)

Exploit Title: Xitami Web Server 2.5 Remote Buffer Overflow SEH + Egghunter Date: May 4, 2019 Author: ElSoufiane Version: 2.5b4 Tested on: Windows Vista Ultimate Build 6000 and Windows XP SP3 Professional Discovered by: Krystian Kloskowski Set up a multi handler listener in MSFConsole then run...

Linux/x86 - shred file Shellcode (72 bytes)

Exploit Title: Linux/x86 shred file 72 bytes Google Dork: None Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 72 ------------------------------Description--------------------------------- This...

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)

Title: Linux/x86 - Multiple keys XOR Encoder / Decoder execve/bin/sh Shellcode 59 bytes Author: Xavi Beltran Date: 05/05/2019 Contact: email protected Purpose: spawn /bin/sh shell Tested On: Ubuntu 3.5.0-17-generic Arch: x86 Size: 59 bytes sh.nasm global start section .text start: xor eax, eax pu...

Linux/x86 openssl aes256cbc encrypt files small like ransomware (185 bytes)

Exploit Title: Linux/x86 openssl aes256cbc encrypt files small like ransomware 185 bytes Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 185...