Lucene search

31 matches found

Kitploit
added 2022/08/18 12:30 p.m., 23 views

Ropr - A Blazing Fast Multithreaded ROP Gadget Finder. Ropper / Ropgadget Alternative

ropr is a blazing fast multithreaded ROP Gadget finder. What is a ROP Gadget? ROP (Return Oriented Programming) Gadgets are small snippets of a few assembly instructions, typically ending in a ret instruction, which already exist as executable code within each binary or library. These gadgets may be...

8 AI score
Exploits: 0, References: 1
Exploit DB
added 2021/06/07 12:0 a.m., 234 views

IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP

Exploit Title: IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP Date: 2020-05-20 Exploit Author: Austin Babcock Vendor Homepage: https://icofx.ro/ Software Link: https://drive.google.com/file/d/1SONzNStAW3pAPU5IUvsYS3z0jYymEZn/view?usp=sharing Version: 2.6.0.0 Tested on: Windows 7...

9.3 CVSS, 6.4 AI score, 0.80555 EPSS
Exploits: 14
0day.today
added 2021/02/08 12:0 a.m., 173 views

Microsoft Internet Explorer 11 32-bit - Use-After-Free Exploit

Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7 x64 and Windows 7...

7.5 CVSS, 8.2 AI score, 0.93779 EPSS
Exploits: 17
Exploit DB
added 2020/09/11 12:0 a.m., 1029 views

Internet Explorer 11 - Use-After-Free

Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Date: 2020-09-06 Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...

7.6 CVSS, 0.93779 EPSS
Exploits: 17
Gitee
added 2020/07/01 4:26 p.m., 2 views

WriteUp_GoogleCTF_2017

This is a PoC exploit for a vulnerability in the Inst Prof binary, which is an x86_64 Linux binary with PIE and NX enabled. The exploit allocates two pages using code reuse, one page to stack pivot and the other page to execute a shellcode. The shellcode is executed by dereferencing a text pointer...

7.4 AI score
Exploits: 0
Exploit DB
added 2020/06/10 12:0 a.m., 490 views

10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)

Exploit Title: 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: 2020-07-07 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/06/09 12:0 a.m., 320 views

Bandwidth Monitor 3.9 Full ROP Buffer Overflow

Exploit Title: Bandwidth Monitor 3.9 - Full ROP Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...

0.5 AI score
Exploits: 0
Packet Storm
added 2020/06/08 12:0 a.m., 290 views

10-Strike Bandwidth Monitor 3.9 Buffer Overflow

Exploit Title: 10-Strike Bandwidth Monitor 3.9 - ROP VirtualAlloc - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pr...

0.6 AI score
Exploits: 0
0day.today
added 2020/06/08 12:0 a.m., 67 views

10-Strike Bandwidth Monitor 3.9 Buffer Overflow Exploit

10-Strike Bandwidth Monitor version 3.9 ROP VirtualAlloc buffer overflow exploit with SEH, DEP, and ASLR. Exploit Title: 10-Strike Bandwidth Monitor 3.9 - ROP VirtualAlloc - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/...

7.5 AI score
Exploits: 0
0day.today
added 2019/04/02 12:0 a.m., 45 views

AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: AIDA64 Extreme 5.99.4800 - SEH Buffer Overflow EggHunter Vendor Homepage: https://www.aida64.com Software Link: http://download.aida64.com/aida64extreme599.exe Mirror Link :...

6.8 AI score
Exploits: 0
Exploit DB
added 2019/04/02 12:0 a.m., 95 views

AIDA64 Extreme / Engineer / Network Audit 5.99.4900 - SEH Buffer Overflow (EggHunter)

!/usr/bin/python Exploit Title: AIDA64 Extreme 5.99.4900 - SEH Buffer Overflow EggHunter Date: 2019-04-01 Vendor Homepage: https://www.aida64.com Software Link: http://download.aida64.com/aida64extreme599.exe Mirror Link : https://www.nikktech.com/main/downloads/finalwire/aida64extreme599.exe...

7.4 AI score
Exploits: 0
myhack58
added 2016/12/14 12:0 a.m., 123 views

In ie8 using ROP and Heap Spray using the bounce of the shell-vulnerability warning-the black bar safety net

This exploit targets the IE8 browser on the Windows 7 platform. Our focus is a plug-in that uses the Java Network Launch Protocol (JNLP); this plug-in has an overflow vulnerability. To exploit it, I will use Heaplib to construct a ROP chain in order...

0.6 AI score
Exploits: 0
exploitpack
added 2016/12/05 12:0 a.m., 23 views

DiskBoss Enterprise 7.4.28 - GET Remote Buffer Overflow

DiskBoss Enterprise 7.4.28 - GET Remote Buffer Overflow !/usr/bin/python import socket,os,time SEH Stack Overflow in GET request DiskBoss Enterprise 7.4.28 Tested on Windows XP SP3 & Windows 7 Professional For educational proposes only host = "192.168.1.20" port = 80 badchars \x00\x09\x0a\x0d\x20...

0.6 AI score
Exploits: 0
Exploit DB
added 2016/02/01 12:0 a.m., 703 views

Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution

?php // Source: http://akat1.pl/?id=1 function getmaps $fh = fopen"/proc/self/maps", "r"; $maps = fread$fh, 331337; fclose$fh; return explode"\n", $maps; function findmap$sym $addr = 0; foreachgetmaps as $record if strstr$record, $sym && strstr$record, "r-xp" $addr = hexdecexplode'-', $record0;...

7.4 AI score
Exploits: 0
exploitpack
added 2016/02/01 12:0 a.m., 28 views

Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution

Apache 2.4.7 + PHP 7.0.2 - opensslseal Uninitialized Memory Code Execution ?php // Source: http://akat1.pl/?id=1 function getmaps $fh = fopen"/proc/self/maps", "r"; $maps = fread$fh, 331337; fclose$fh; return explode"\n", $maps; function findmap$sym $addr = 0; foreachgetmaps as $record if...

0.3 AI score
Exploits: 0
0day.today
added 2015/09/18 12:0 a.m., 110 views

Android libstagefright - Integer Overflow Remote Code Execution

Exploit for Android platform in category remote exploits !/usr/bin/python2 import cherrypy import os import pwnlib.asm as asm import pwnlib.elf as elf import sys import struct with open'shellcode.bin', 'rb' as tmp: shellcode = tmp.read while lenshellcode % 4 != 0: shellcode += '\x00' heap groomin...

10 CVSS, 6.5 AI score, 0.87033 EPSS
Exploits: 6
exploitpack
added 2015/09/17 12:0 a.m., 30 views

Google Android - libstagefright Integer Overflow Remote Code Execution

Google Android - libstagefright Integer Overflow Remote Code Execution !/usr/bin/python2 import cherrypy import os import pwnlib.asm as asm import pwnlib.elf as elf import sys import struct with open'shellcode.bin', 'rb' as tmp: shellcode = tmp.read while lenshellcode % 4 != 0: shellcode += '\x00...

1.2 AI score
Exploits: 0
seebug.org
added 2014/11/13 12:0 a.m., 12 views

Internet Explorer 8 MS14-035 Use-After-Free Exploit

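Affected platforms: Windows Server 2003 Service Pack 2 Windows Vista Service Pack 2 Windows Server 2008 Service Pack 2 Windows 7 Service Pack 1 Windows Server 2008 R2 Service Pack 1 Vulnerability overview: This vulnerability was privately reported to Microsoft by TrendLabs and was addressed in Microsoft's June 2014 patch, numbered MS14-035. Although the vulnerability has been fixed, it is a UAF case worth studying. The POC that triggers this vulnerability is as follows: !-- Exploit Title: MS14-035...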

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

Easy File Management Web Server v5.3 - UserID Remote Buffer Overflow (ROP)

No description provided by source. !/usr/bin/python Exploit Title: Easy File Management Web Server v5.3 - USERID Remote Buffer Overflow ROP Version: 5.3 Date: 2014-05-31 Author: Julien Ahrens @MrTuxracer Homepage: http://www.rcesecurity.com Software Link: http://www.efssoft.com/ Tested on:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

A-PDF Wav to MP3 Converter 1.2.0 - DEP Bypass

No description provided by source. Exploit Title: A-PDF Wav to MP3 Converter v 1.2.0 DEP Bypass Software Link: http://www.a-pdf.com/wav-to-mp3/a-pdf-wtm.exe Version: 1.2.0 Tested on: Win XP SP3 French Date: 12/05/2011 Author: h1ch4m Hicham Oumounid Email: [email protected] Home:...

7.1 AI score
Exploits: 0