13 matches found
CVE-2026-36609
Mercusys AC12G (EU) V1 router affected. The vulnerability stems from a static authentication nonce that does not change between requests from the same source IP, compounded by a predictable XOR-based password encoding (securityEncode). This combination enables an attacker who captures authenticat...
CVE-2026-36609
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authentication...
ViperForge
...
Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1863 Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability April 17, 2024 CVE Number CVE-2023-43491 SUMMARY An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of...
LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW
LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into a...
Researchers Unveil New Linux Malware Linked to Chinese Hackers
Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors. Dubbed "RedXOR" by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malwa...
Linux/x86 - XOR Encoder / Decoder execve(/bin/sh) Shellcode (45 bytes)
/ ; XOR-Encoder.py ; Author: Daniele Votta ; Description: This program encode shellcode with XOR technique. ; Tested on: i686 GNU/Linux ; Shellcode Length:25 !/usr/bin/python Python XOR Encoder Execve /bin/sh shellcode...
Linux/x86-64 - setreuid(0,0) + execve(/bin/ash,NULL,NULL) + XOR Encoded Shellcode (85 bytes)
Title: Linux x86-64 setreuid(0,0) & execve("/bin/ash",NULL,NULL) + XOR encoded - 85 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...
ARM Polymorphic execve("/bin/sh", ["/bin/sh"], NULL) Shellcode Generator
No description provided by source. / Title: Generator polymorphic shellcode on ARM architecture Date: 2010-07-07 Tested on: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Database of shellcodes http://www.shell-storm.org/shellcode/...
OSX Gather Autologin Password as Root
This module will steal the plaintext password of any user on the machine with autologin enabled. Root access is required. When a user has autologin enabled (System Preferences -> Accounts), OSX stores their password with an XOR encoding in /private/etc/kcpassword. This module requires Metasploit:...
linux/x86 - setreuid (0,0) & execve(/bin/ash,NULL,NULL) + XOR encoded - 58 bytes
Title: Linux x86 setreuid(0,0) & execve("/bin/ash",NULL,NULL) + XOR encoded - 58 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Jonathan Salwan, Yuda Prawira and Rizki Wicaksono from ctypes import shell =...
HP StorageWorks - NSI Double Take Remote Overflow (Metasploit)
HP StorageWorks - NSI Double Take Remote Overflow Metasploit $Id: doubletake.rb 4529 2007-03-23 01:08:18Z $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensin...
CVE-2005-2915
The CVE-2005-2915 entry involves the Linksys WRT54G router (various 3.x releases) using a weak XOR-based encoding with a fixed mask for configuration data. This flaw could let an attacker decrypt configuration information and, in conjunction with CVE-2005-2914, potentially re-encrypt it. Connecte...